A recent report on secure Bring Your Own Device (BYOD) policies from cloud security provider Bitglass revealed that, in a survey of 800 cybersecurity professionals, 39% of employees had downloaded malware onto their mobile devices. While 26% did not download malware, the remaining 35% were not sure whether they had downloaded it or not. Without employee education on the subject, mobile malware will continue to be a blight on companies that make use of BYOD. To prevent further security mishaps, we’ve compiled a list of tips to educate employees about mobile malware.
Security training for employees making use of a BYOD policy is important, but an entire organization can benefit from training regarding malware. Upper-level employees should be included in this process, as they are likely targets for malware attacks. Educating employees about the risks around sensitive data and the use of the internet keeps them actively engaged in the process and gives them a greater awareness of what would occur if they were to download malware.
Emphasize Social Engineering
When employees use their own devices in a corporate environment, their personal and corporate data are at risk. Employees using their devices for personal purposes, particularly for social media, are open to cyber attacks, as cybercriminals can take advantage of public information posted on social media in order to launch social engineering attacks. Showing employees tactics to identify authentic messages and requests, as well as what information to keep private, will decrease the number of successful social engineering attacks.
Have a Plan in Place in the Event of a Cyber Attack
During an attack, having an established security protocol for employees to follow helps to mitigate the situation. Record a comprehensive plan with explicit steps, covering as many attack scenarios as possible. This way, employees can be better prepared when faced with a malware attack.
Run Unannounced Security Tests
Running unannounced security tests gives employees the opportunity to practice their security protocol. IT teams can send simulated phishing emails to workers to evaluate how they handle the message. If the employee does not react properly, the IT team can simply give them additional training.
Mobile malware is a constant threat, but employee education is a way to mitigate it. Without an awareness of proper security practices, human error can cause data loss, financial loss, and a loss of company credibility. However, the above tips will reduce the number of successful malware attacks.