Connect with us

How to Guides

Is A Mobile Virus Coming To Get You?

Millions of viruses being released. So how do you protect your phone from being hacked for its personal data and other disturbing activities?

Jon Tullett

Published

on

Virus-Malware_doing-business-in-SA

 Is my smartphone going to get a virus?

Chances are you’ve seen some sort of warning about mobile phone viruses. Mobile malware is on the rise, we’re told.

There are literally millions of viruses being released and if you don’t buy software to protect yourself, your phone will be looted for its personal data, used to call premium rate numbers until your bill maxes out, or even explode in your pocket.

Reality check

  • The chances of you getting a virus on your mobile phone is very, very small
  • Yes, there’s mobile malware (the more generic term for ‘nasty software’) out there, and lots of it, but you probably won’t come across it
  • Be very suspicious of scary virus alerts
  • But that doesn’t mean you can ignore the threat either.

What mobile malware is out there?

Virus-on-a-phone

In general, there are three broad kinds of malicious software. First there’s the kind which just tries to break stuff – electronic vandalism, basically. That’s old-school malware, and we don’t see much of it. The second kind tries to make money by subverting your phone.

It’ll make calls or send SMS messages to premium-rate numbers, reset your browser homepage to a site which displays ads (thereby generating ad revenue). And lastly there’s the kind which steals information – passwords, contact details, financial info. That data will either be sold on the black market or used for identity theft.

I hear all these scary numbers…

Oh, yes. You might have heard that there are multiple millions of mobile viruses in the wild. That 97% of them are found on Android devices. That the average user has dozens of potentially malicious apps on their phone.

Take a deep breath.

This is the antivirus industry doing what it’s done for years – exaggerating the threat to scare people into buying protective software. And because it wouldn’t look scary if the numbers were ever adjusted downwards, they just keep going up, year after year.

Every phone manufacturer has stringent security checks in place to prevent malicious software getting into their app stores. And while those checks aren’t perfect, they’re pretty good. There are drastically few outright malicious apps in official app stores. If you stick to those apps, you’re probably mostly fine, with some caveats that we’ll get to in a moment.

The vast majority – 99,9% of the malicious apps – are found in unofficial app stores. And which platform supports unofficial app stores? Android. Ergo, all the malware is on Android.

If you go out of your way to find third-party software – tick the ‘allow software from external sources’ setting, then click through the security warnings, then go looking for alternative software, then install it (again clicking through security warnings) – then yes, you might get a virus. But you’ve kinda asked for it, to be frank.

Those app stores aren’t rogue operations – they often serve parts of the world where there isn’t local support for developers. China and Russia have been notable hotbeds. A common technique is to repackage a popular app like Angry Birds, add something malicious, and distribute it there. So it’s genuinely tough luck for those users, but unless you’re side-loading software from a Chinese app store, you’re probably ok.

So I’m ok?

Unfortunately, there’s another risk, and this one’s real.

App stores block malicious software from getting to your phone, but they can’t protect you from yourself. If you install an app and give it permission to send SMS messages, then that’s what it will do. The app store won’t block that – it’s doing exactly what it said it would do.

So check those permissions. If you don’t know why an app needs a permission, either disable it or find an alternative app.

Be judicious about it: Big mainstream apps like Facebook and WhatsApp do ask for a sweeping set of permissions and while there are privacy concerns there, they’re not likely to conduct a malware attack.

But less popular apps with questionable permissions are best avoided. Only you can protect yourself from this risk, and most people are unfortunately very trusting when it comes to apps.

When to believe and not believe the alerts

Antivirus companies are guilty of overhyping the threat, and you should take their warnings with a pinch of salt, but they’re not actually malicious. Not so are the fake virus warnings, and those should be avoided like the plague. I’m sure you’ve seen them, if not on your phone then probably on your PC.

“Your phone/PC has a virus – click here to remove!” or “Your system is slow, click here to optimise!” even “Your WhatsApp is out of date – click here to update!” Ring any bells?

Those are lies. Every single one of them. And they will at best dupe you into buying some placebo non-functional fake antivirus, and at worst install malware of their own and get busy attacking your PC or phone. So don’t, whatever you do, ever click them. They’re not system messages, they’re just ads, being pushed out through the usual advertising channels. If nothing else, ask yourself whether you should be making a trusted purchase from an entity which stoops to such a level to promote their product.

In short: Any ad which makes a system maintenance claim of any sort is a scam.

Be wary of ads

Protecting-a-phone-from-virus

And that brings me to the last area of concern, which is those advertising networks. A popular business model for app developers is ad-supported freeware – you and I get to download the app for free, and we get the occasional ad popping up. Unless it’s particularly obnoxious and in-your-face, it’s a fair deal, right?

In principle, yes, but in practice there are some serious risks. For one thing there’s the duplicitous business practice I described already, but there are actually architectural risks – those ad networks are poorly secured and can be attacked to push malicious software down to phones instead of adverts.

That isn’t hypothetical – there are real-world demos of this in practice. And no hype this time, Android really is more at risk. Apple and Microsoft less so, and BlackBerry (which operates its own, closed ad network) has no known vulnerabilities so far.

And you can’t blame the app developer – they don’t have much control over what’s pushed down by the ad servers. So what to do?

If you’re paranoid (because honestly, the risk here is currently very small), avoid ad-supported apps and just pay the couple of bucks for an ad-free version. Realistically, most of you will ignore this advice – the freemium model is too deeply ingrained in our web psyche to overcome that easily.

But bear it in mind, and in particular consider dumping any apps which subscribe to ad networks promoting those fake virus messages.

Do I really need mobile antivirus then?

So if the risk of mobile malware is so much less than the vendors claim, and you’re a bit more careful with choosing which apps you install, do you need antivirus on your phone?

Well, it depends. Although antivirus software isn’t actually all that good at catching malware (the CEO of Symantec, one of the antivirus market leaders, recently admitted that antiviruses only catches about 45% of threats), the security suites actually do offer a lot more than just malware protection.

Depending on the product, it’ll check for apps which are known to misbehave in other ways, look for suspicious activity, back up your data, let you locate your phone geographically, remotely lock and wipe the device, and so on. You can do lots of that on your own, but the security tools bring it all together.

Do you absolutely need it? No. Is it a useful set of tools for the security-aware mobile user? Yes. For the record, I have no antivirus on my phone, but I do have security apps to lock it down.

If you change only two things after reading this article, it should be this: Be more critical about the permissions apps ask for and reject those which are suspicious. And back up your data – so many bad things can happen to a phone, but there’s never an excuse for losing data.

Jon Tullett, Senior editor at ITWeb has been covering information technology for two decades, working as a journalist and editor in South Africa, Europe and the Middle East. He is currently responsible for news analysis and spokesperson for the Security Summit, Africa’s premier information security event for IT and business professionals. Jon has trained in computer forensics, visited Interpol's cyber crime task force in Lyon, chaired numerous security events and seminars, judged technology awards, and developed testing protocols for a lab operation which reviewed dozens of security products every month. He has very, very, long passwords.

Advertisement
Comments

How to Guides

(Podcast) Phone Calls Often Solve Email Problems

Irate customers can become your most ardent supporters, but it’s important to treat your clients like people. People like people, and phone calls are more personal than emails.

Nicholas Haralambous

Published

on

nicholas-haralambous

Emails solve problems – but they also create them. When a real problem arises in your business, is an email the best way to solve it, or should you pick up the phone and give your customer a more personal experience?

Irate customers can become your most ardent supporters, but it’s important to treat your clients like people. People like people, and phone calls are more personal than emails.

Listening time: 3 minutes

Related: (Podcast) Being An Entrepreneur Is Painful

Continue Reading

Company Posts

Why Choose ISO 90012015 As A Starting Point For Your Business

Implementing all elements of the standard can help your business, but what parts of the ISO 9001:2015 standard in particular should prove to be of most beneficial for yours? We’ve listed a few below.

Published

on

iso-90012015

Ask for any Entrepreneur’s to-do-list, ISO Implementation and certification may not always be at the top of it. Businesses are constantly faced with financial, operational and socio-economic pressures, while business owners must make decisions on projects related to “cost vs the benefits”. But here’s why ISO 9001:2015 is a reasonable investment.

If your businesses is certified under ISO 9001:2008 you had three years to transition to ISO 9001:2015, if you don’t transition, your certification will become redundant. The three‑year period started on the date the new standard was published in September 2015. Don’t wait, your Day 1 of 365 days starts now.

Related: How ISO Certification Can Help You Access Market Tenders

Implementing all elements of the standard can help your business, but what parts of the ISO 9001:2015 standard in particular should prove to be of most beneficial for yours? We’ve listed a few below. It may also protect your business (against big business)

How can ISO 9001 make the difference for my business?

Start by viewing the costs as an investment that allows you to better assure your clients, improve your productivity and raise your ability to compete.

Your certification to the standard, can attract reputational benefits and establish a ticket to levels of business that non-certified companies certainly cannot obtain. This may be the most practical time to implement ISO 9001 for your business.

As the full process can take up to 6 months, you need time to plan and execute your transition to the new standard and it will require work, commitment and changes to the habit of doing things.

This is why it’s vital to begin early and hire consultants with a 100% certification record with any SANAS (South African National Accreditation System) or International Accreditation Body. It gives the guarantee and expertise you need.

iso-process

Your 6 steps to getting ready for ISO 9001:2015

1Establish Processes

  • Documenting and Implementing processes in your business can yield great benefits as your business grows. Setting common processes in the beginning will result in consistency in the products and services, this sets a sound foundation for expansion and future growth.
  • Save time, cost, and ensure delivery. This takes place when you have new employees and point them to processes that are well established and well documented.
  • It allows your staff to feel confident in doing their job, knowing there is a process to follow and with the help of the Document Control Process, you can always re-engineer the process to adapt to change, this results in Continual Improvement.

2Formulate PDCA cycle (Plan-Do-Check-Act)

  • The fundamental basis of the ISO 9001 standard is based on Edward Deming’s PDCA Model. If implemented effectively it can benefit any type of business however large or small you are, it’s practical. The Method is also used by fighter pilots.
  • You build a culture of “careful planning, monitoring, and adjustment of actions” this speaks volumes to your employees, and your clients benefit in return.

3Increase your sales by using ISO 9001

  • By using valuable customer feedback, you build up information to monitor and review your client’s perception of your products and services, this feeds into a corrective action process, which results in a continual improvement to create relationships with existing clients and attracting new clients.
  • Most Tender Requirements from Government, Local and International Companies require ISO 9001 as a qualifier to their procurement process. This gives them the assurance that a Third Party Auditor is auditing an effective Quality Management System aligned to International Standard that has effective process control and will measure client satisfaction.

4Develop an attentive mindset to risk and opportunities

  • Risk and opportunities is the latest introduction to the ISO 9001:2015. This allows businesses to identify potential and current risks in their process and mitigate them before it’s too late, the fundamentals of a successful business.
  • By cultivating a culture where your team have a sharp eye for risk and opportunities will serve your business well.
  • Profits will be maximised while risks are spotted early and can be minimised.

5Take control of change management

  • As the saying goes, “Change is the only constant in the 21st century”. The inability to handle change and adapt accordingly is one of the main reasons that many businesses do not survive through the first two years of existence.

Related: 7 Steps To Achieving Our Higher-Level Goals

6Setting goals and objectives

  • Goals and objectives are key fundamentals of the ISO 9001:2015 standard, these are tools to assist in attaining your companies Vision.
  • When you get into the habit of setting, reviewing, and taking action against objectives, the end results is growth and driving improvement.

It is clear that implementing ISO 9001 can take your business to the next level that benefits startups to established corporates. We stress again the vital importance to begin early and hire consultants with a 100% certification record with any SANAS (South African National Accreditation System) or International Accreditation Body.

Continue Reading

Company Posts

How ISO Certification Can Help You Access Market Tenders

Want to leap-frog your competitors by building your business credibility?

Published

on

ISO Certification

2017 has been a challenging year thus far. A decline in exports, slower growth in private consumption and fixed investment has caused the economy to contract in Q1 and enter into its second technical recession since 2009. This means that it is now more crucial than ever to break away from your competition to survive in this economy.

The question we as businesses are all asking, is how can we become more competitive during these tough times?

The answer is ISO Management systems and certification.  The implementation process allows organisations to streamline their processes and benchmark to international standards that have worked for the likes of Toyota, Coca Cola, MTN SA and many more.

The ISO Certification gives your clients the national and international credibility that they are looking for, in you as a business.

What are ISO Standards?

ISO is not an acronym, it is derived from the Greek word ISOS, which means equal and is interpreted as The International Organization for Standardization, which comprises of various National Standards being superimposed into one International Standard. There are approximately 21500 ISO Standards, from Quality, Health and Safety, Information Security, Environmental, Energy and many more. (The International Organization for Standardization)

The ISO standards set a precedence for companies to create a Management System which comprises of Policies, Objectives, Processes, Risk Assessments and Procedures with the aim of being able to provide a consistent service.

The standards requirements can assist a one-man tuck shop to large corporates such as Google.

Think about it this way, when you buy a house, does your insurance company grant you a policy without an Electrical Certificate of Compliance? Do you buy a brand new laptop, mobile device or any other electrical device without a warranty or guarantee? Will you send your child to a hospital that does not have standards in place? Will you buy vegetables that have not undergone the necessary food safety controls?

We, as consumers, have all become cautious, hence the birth of ISO Certification. An independent body (Watchdog) such as the SABS, BSI, TUV, and Bureau Veritas conduct regular audits against your processes and the International Standard to create the assurance you are looking. How ISO Standards And Quality Management affects SMMEs

That is why your company must invest the time and money to implement the value adding systems with the right consultant. This in turn will provide your current and potential clients the assurance that you have the relevant processes in place to deliver what is required and will provide you with the competitive edge. You are not too small to become ISO certified.

Where do I start if I want to become ISO Certified?

where-do-i-start-if-i-want-to-become-iso-certified

ISO Management systems work on a four-phase approach to develop, implement, train and assist organisations through certification.

The following will give you an overview of how the process works:

Phase 1: GAP analysis & Identification of processes

  • GAP Analysis Audit on the choice of your ISO Standard
  • All Staff to undergo awareness training on the ISO Standard (Requirements)
  • Analyse & identify current systems (Policies, Objectives, Risks, Processes and Procedures) within the company and gather information.

Phase 2:  ISO Management System Development

  • ISO Management systems manual (Policies, Objectives and Mandatory Procedures)
  • Process documentation and Standard Operating Procedures
  • Risk assessments and tools to assist in Monitoring, Measuring and Analysing. 

Phase 3: Implementation

  • Coaching and change management of Top Management and attaining Leadership Values.
  • On the job training with all staff and workshops on the ISO Management Systems
  • Internal Auditor & Maintenance Training
  • Internal Audit, non-conformances, corrective actions and reviewing of risks
  • Management Review Meeting and Review of all Statistical Analysis.

Phase 4: Certification

  • Stage 1 Desk Study Audit with the Certification Body
  • Stage 2 Certification Audit, Non-conformances and Corrective Actions completed
  • Annual Surveillance Audits to justify continuous improvement.

ISO standards aren’t rigid rules, but rather a set of generic requirements and guidelines to what we as a business should be following.

It’s the basics of business, we tend to overlook the basics and focus on profits, which jeopardies our quality and service.

Your clients are becoming more advanced, better informed and their expectations are growing. Having ISO Management Systems provides organisations with the competitive edge over their competition, by gaining National/International recognition.

In fact, any organisation, whatever their size or industry sector can give themselves a secure future by introducing ISO Management Systems. Remember to look for management systems that can guarantee 100% certification with any certification body such as SABS, TUV, BSI, Bureau Veritas, DEKRA etc.

Continue Reading

Trending

FREE E-BOOK: How to Build an Entrepreneurial Mindset

Sign up now for Entrepreneur's Daily Newsletters to Download​​