Mitigating the Risk for Mobile Devices
Aug 18th, 2016 by aperio

What is Bring Your Own Device (BYOD, also known as Bring Your Own Technology or BYOT) and why should your company be concerned about it? BYOD refers to the trend of letting your employees use mobile devices they own personally to access your company’s information and applications.

 

While it’s often convenient for both employers and their employees, BYOD may put your company at greater risk of being vulnerable to ransomware or other malware.

 

What Makes Mobile Devices So Risky?

 

When it comes to your company’s own systems, security is in your hands. This isn’t the case with personally owned mobile devices.

 

Obviously, a cell phone, tablet, or laptop owned by your employee is going to be easier to physically steal. But even if the device itself isn’t stolen, it can often be more easily hacked. This potentially allows hackers access to your systems. From that point, they may be able to lock down your files and information and hold them for ransom.

 

Physical theft isn’t the only risk you face. With personally owned mobile devices, you also have to rely on your employees to keep all security patches up-to-date and rely on them not to download vulnerable applications. This is difficult for even well-meaning employees.

 

Due to constantly increasing competition for victims among ransomware creators, mobile smartphone apps make a tempting choice. According to Symantec’s Internet Security Threat Report from April 2016, Android smartphone users are a main target of attack. However, Apple devices are not immune. Attacks on Apple devices rose considerably in 2015. According to the report, attackers are using newer, more sophisticated techniques to profit from their victims. For example, there were cases where phone ransomware was observed as it started to encrypt files on phones.

 

Mitigating the Risk for Mobile Devices

 

There are several features that should be included in your company’s security policies to protect against mobile malware. Some of these are:

 

  • Make sure access to mobile devices is password protected, including biometrics if possible.
  • Update regularly. Updates often contain features designed to protect against newly uncovered vulnerabilities.
  • Install and make use of remote “find and wipe” tools, in case devices are lost or stolen.
  • Download and install apps only from trusted sources.
  • Pay close attention to which permissions apps require. Consider noting in your security policies which permissions are allowed and which are not.
  • Make use of on-device data encryption.
  • Do not allow your employees to jailbreak or root devices that they will use with your system.
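
One way to turn the policy items above into an automated compliance check, shown as an added example that is not part of the original article. The device record fields, the 60-day patch threshold, the source names and the denied-permission list are assumptions chosen for illustration.

```python
from datetime import date

# Hypothetical policy values: the article names the controls but sets no thresholds.
POLICY = {
    "max_patch_age_days": 60,
    "trusted_sources": {"google_play", "apple_app_store"},
    "denied_permissions": {"READ_SMS", "BIND_DEVICE_ADMIN", "SYSTEM_ALERT_WINDOW"},
}

def evaluate_device(device, today, policy=POLICY):
    """Return the policy violations for one device record (empty list = compliant)."""
    findings = []
    if not device["screen_lock"]:
        findings.append("no password or biometric lock")
    patch_age = (today - device["last_security_patch"]).days
    if patch_age > policy["max_patch_age_days"]:
        findings.append(f"security patch is {patch_age} days old")
    if not device["remote_wipe"]:
        findings.append("remote find-and-wipe not enabled")
    if not device["encrypted"]:
        findings.append("on-device encryption is off")
    if device["rooted"]:
        findings.append("device is rooted or jailbroken")
    for app in device["apps"]:
        if app["source"] not in policy["trusted_sources"]:
            findings.append(f"{app['name']}: untrusted source {app['source']}")
        denied = sorted(set(app["permissions"]) & policy["denied_permissions"])
        if denied:
            findings.append(f"{app['name']}: denied permissions {', '.join(denied)}")
    return findings

# Constructed sample records, shaped like an inventory export (field names are assumptions).
COMPLIANT = {
    "screen_lock": True, "last_security_patch": date(2016, 7, 20), "remote_wipe": True,
    "encrypted": True, "rooted": False,
    "apps": [{"name": "mail", "source": "google_play", "permissions": ["INTERNET"]}],
}
RISKY = {
    "screen_lock": True, "last_security_patch": date(2016, 3, 1), "remote_wipe": False,
    "encrypted": True, "rooted": True,
    "apps": [{"name": "flashlight", "source": "sideloaded_apk",
              "permissions": ["INTERNET", "READ_SMS"]}],
}

if __name__ == "__main__":
    for name, dev in (("compliant", COMPLIANT), ("risky", RISKY)):
        print(name, evaluate_device(dev, today=date(2016, 8, 18)))
```

A check like this can gate access: a device with a non-empty findings list is denied company data until the listed items are fixed.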

 

Increased Risks Expected in the Future

 

In spite of all precautions, the current trend is for the risks associated with mobile devices to increase in the near future and possibly beyond. The increasing use of smartphones and all other mobile devices is simply too tempting for cyber criminals to pass up.

 

If you would like to find out more about how to protect yourself and stay ahead of the risk, please follow our link to learn about the special event we are hosting specifically to go over security in the IT world.

 

Click To Find Out More: http://events.constantcontact.com/register/event?llr=hxcf8qcab&oeidk=a07ed0umwjb5a9c8a22

 

What C-Level Executives Need to Know about Ransomware
Aug 10th, 2016 by aperio

With warnings about ransomware appearing more frequently in the news, what do you need to know to protect your company?

 

What Is Ransomware?

 

Ransomware is a kind of software that makes it possible for hackers to block access to your files and data, often by encrypting them. You are then required to pay a ransom, often in the form of Bitcoin, in order to regain access to your information.

 

What Kinds of Computers and Devices Are At Risk from Ransomware Attacks?

 

According to a PCWorld article on ransomware from this year, while computers running Windows are a major target, there are also applications targeting Android, and attacks on Linux servers have recently been on the increase. Mobile devices such as smartphones can also be especially vulnerable, as users often download applications to them without carefully considering security risks.

 

What Methods Do Cyber Criminals Use to Infect Your Systems with Ransomware?

 

There are several methods, and these are not always technological in nature. One method is phishing, which involves tricking users into giving away information such as passwords, credit card details, and more. You may also have heard of spear phishing, which is a particular type of phishing. In spear phishing, hackers present users with apparently trustworthy requests for information.

 

Can You Rely on Law Enforcement to Get Your Data Back After a Ransomware Attack?

 

No. Most of the time, law enforcement can do very little to help you recover your data. Your best bet is to focus on prevention, keeping your security patches and updates current, having effective data backups, and having a well-tested recovery plan.

 

It’s important to remember that your backups should not be connected to your main system. If your backup is connected, the ransomware can block access to it too, leaving you with nothing. Many security experts recommend the 3-2-1 rule. This means you should have at least three copies of your data, have it stored in two different formats, and have at least one copy stored offline or off site.
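
The 3-2-1 rule and the warning about connected backups can be checked against a backup inventory, as in this added example (not part of the original article). The inventory fields, the `connected` flag and the choice to count the production copy as one of the three are assumptions made for illustration.

```python
def copy(name, fmt, offsite=False, offline=False, connected=True):
    """Build one inventory record; 'connected' means reachable from the main system."""
    return {"name": name, "format": fmt, "offsite": offsite,
            "offline": offline, "connected": connected}

def check_3_2_1(copies):
    """Return the gaps against the 3-2-1 rule (empty list = rule met)."""
    gaps = []
    if len(copies) < 3:
        gaps.append(f"{len(copies)} copies, need at least 3")
    formats = {c["format"] for c in copies}
    if len(formats) < 2:
        gaps.append(f"{len(formats)} storage format, need at least 2")
    if not any(c["offline"] or c["offsite"] for c in copies):
        gaps.append("no copy is offline or off site")
    return gaps

def surviving_copies(copies):
    """Names of copies that ransomware running on the main system cannot reach."""
    return [c["name"] for c in copies if not c["connected"]]

# Constructed inventories. PLAN_A meets the letter of 3-2-1, yet every copy is
# reachable from the main system, so nothing survives an infection there.
PLAN_A = [
    copy("file server", "disk"),
    copy("NAS share", "disk"),
    copy("synced cloud folder", "cloud", offsite=True),
]
# PLAN_B swaps the NAS share for a tape that is kept disconnected.
PLAN_B = [
    copy("file server", "disk"),
    copy("rotated tape", "tape", offline=True, connected=False),
    copy("synced cloud folder", "cloud", offsite=True),
]

if __name__ == "__main__":
    for label, plan in (("A", PLAN_A), ("B", PLAN_B)):
        print(label, check_3_2_1(plan), surviving_copies(plan))
```

Both plans pass the rule as counted, but only the second leaves a copy to restore from, which is why the connection status of each copy is tracked separately from its location.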

 

If All Else Fails, Should You Pay a Ransom to Recover Your Data?

 

There are differing opinions on this, even among law enforcement officials. In some cases, such as hospitals that face the risk of harm or even death to their patients if they can’t quickly recover data, it might seem advisable to pay a ransom.

 

However, there is never a guarantee that cyber criminals will actually return access. And worse, knowing that a business has paid a ransom may make that business or others in the same industry tempting targets for future attacks.

 

Can You Count on Security Updates to Always Protect Your Company from Ransomware Attacks?

 

Unfortunately, no. Your company’s information will still be at risk from zero-day vulnerabilities. A zero-day vulnerability refers to a hole in security that is at first unknown to a software vendor. There is a period of time between the creation of an attack exploiting that hole in security and the release of security updates by the software’s developers. During that period of time, your information can be attacked.

 

Promptly installing security updates helps to minimize this risk, but ultimately your company will need to be prepared to recover from data backups if you have the bad luck to be attacked during the period of vulnerability.

 

Ransomware is constantly evolving, making it a difficult challenge for companies to protect against. This makes it especially important to do all that you can to minimize your company’s risk from attack.

 

 

 

 
