As for memes, malicious websites host viral videos, posts, and images to draw people in, and then the site automatically passes malware onto the user’s device. “The user doesn’t need to actively download anything or engage in other risky computer behavior. Simply visiting the infected website can cause malware or ransomware to exploit vulnerabilities in the operating system or browser,” says Casesa.
“Once an attacker has personal information like passwords they can go after email accounts, which can enable access to other accounts. Where people reuse the same password, attackers can access employee bank accounts as well as work accounts,” explains Casesa.
Using work credentials, attackers explore and exploit whatever systems the user has privileges on. “Attackers can use access to these systems to spread more malware, collect additional data, and pick up credentials for more systems,” says Casesa.
Enterprise preparations, policies and enforcements
Stringent policies are unavoidable where the security of enterprise data and the productivity and safety of employees are concerned. “Mobile policies can ban certain apps and jailbreaking or side-loading of software,” says Casesa. When employees understand why this is necessary, it should be easier to get them to comply.
You need to use education programs that grab your employees’ attention and engage them while teaching them the risks of memes and games as well as your policies pertaining to such sites and applications. Programs need to identify official app download sites while pointing out the earmarks of unofficial and known bad sites so that your people can tell one from the other. You also need to confirm that they understand, and to verify a change in their behavior after the training.
There are other benefits to successful security education. “A knowledgeable workforce is often the first and best line of defense because they can spot risks and report them to the proper teams before these lead to damage,” says Casesa. Rewards systems typically work well for reinforcing healthy employee behavior in response to security risks.
Even with a successful rewards program, it is necessary to apply technology to reinforce policies. By using technologies including mobile device management (MDM), mobile application management (MAM), and enterprise mobile management (EMM) as well as network access control (NAC) and endpoint security, and by layering compatible approaches, the enterprise can enforce strong policies and take a strong stance against malware. First ask your existing device and software vendors about available tools.
Then you can automatically block device or even user access to corporate networks once these mobile technologies detect behavior that goes outside the security policy. Remember, if you block only the device, the user may still have it synced with other devices, and the malware may enter through one of these other devices that you have not blocked.