Every once in a while it’s good to take stock of a situation. A projected 1.25 billion Android users for 2015 (according to Gartner) is such a situation. Either your organisation is already an Android shop or it is likely to become one in the near future. A plethora of apps for the Android OS and a decidedly spotty security record for many Android users mean that reviewing your approach to Android security could be a wise move as well.
While advanced technology exists to help protect Android systems, a reminder about security basics can go a long way towards avoiding problems:
- Download apps only from the Google Play store and your own organisation, and have the IT department vet any other source of Android app downloads.
- Watch out for unusual demands (OS permissions) at app installation time, and report suspect apps to the IT department for investigation.
- Recognise signs of possible infection, including loss of performance, increased battery consumption and unexpected interruptions.
- Keep the Android OS and the Android anti-virus software up to date.
- Keep records of the installed or user base of all Android devices allowed to access your organisation’s systems and data. Even if you operate a BYOD policy, you can restrict or refuse access to Android devices that are not using the latest/most secure versions.
- Use encryption at rest to make data on Android devices useless to anybody finding or stealing the device.
- Back up Android data correctly and ensure that backups can be properly restored by trying restores at regular intervals.
- Enable the remote-wipe function of Android phones so that memory can be erased remotely in case of loss or theft, or simply if the owner of the device leaves to start work at a different enterprise.
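One way to turn the tips on device records, OS versions, encryption at rest and remote wipe into an access check, added here as an example that is not part of the original article. The minimum version, the record fields, the allow/restrict/refuse policy and the sample inventory are all assumptions constructed for illustration.

```python
from collections import namedtuple

MIN_OS = (5, 0)  # assumption: lowest Android version the organisation accepts

# One inventory record per device allowed near company systems (hypothetical fields).
Device = namedtuple("Device", "device_id owner os_version encrypted remote_wipe")


def parse_version(text):
    """Turn '5.1.1' into (5, 1, 1); return None if it is not a dotted number."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def access_decision(device):
    """Return (decision, reasons); decision is 'allow', 'restrict' or 'refuse'."""
    if device is None:
        return "refuse", ["device not in inventory"]
    version = parse_version(device.os_version)
    if version is None:
        return "refuse", ["unreadable OS version"]  # fail closed
    if version < MIN_OS:
        return "refuse", ["OS %s is below the minimum" % device.os_version]
    reasons = []
    if not device.encrypted:
        reasons.append("no encryption at rest")
    if not device.remote_wipe:
        reasons.append("remote wipe not enabled")
    return ("restrict" if reasons else "allow"), reasons


# Constructed sample inventory (not real devices).
INVENTORY = {d.device_id: d for d in [
    Device("A-001", "alice", "5.1.1", True, True),
    Device("A-002", "bob", "4.4.2", True, True),
    Device("A-003", "carol", "5.0", False, True),
    Device("A-004", "dave", "unknown", True, False),
]}


def check(device_id):
    """Look the device up in the inventory and decide its access."""
    return access_decision(INVENTORY.get(device_id))


if __name__ == "__main__":
    for device_id in list(INVENTORY) + ["A-999"]:
        print(device_id, *check(device_id))
```

Devices that are missing from the inventory or report an unreadable version are refused, so a gap in the records never grants access by default.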
A security victim of its own success perhaps, Android will continue to attract hackers and cyber criminals. Following the tips above, however, will lessen the chances that your own organisation’s or employees’ Android devices will allow an attack to succeed.