Spyware comes in many forms -- for example, delivered as a Trojan in the form of a browser extension or a mobile app that oversteps necessary permissions or as malware via phishing attacks.
While the common thread between variants of spyware is the intent to steal personal information from a device, the ultimate aim behind obtaining that information can vary greatly. As such, a combination of security controls and user education and awareness are key to prevent spyware from infiltrating an enterprise.
All employees must understand that spyware browser extensions may appear legitimate but will track internet activity and record user behavior in order to monetize that information, either by selling the data or serving ads against it. Keyloggers and information stealers, two other types of spyware, also infect computers to steal data.
While these spyware variants are still common, today, more and more, spyware is found on the nexus of personal data and communication: smartphones.
Mobile spyware, depending on complexity, can record the same data found on traditional PCs but with the addition of call logs, text messages and location data. More advanced, targeted spyware can also access a mobile device's camera, microphone or encrypted messaging communication. In all but the most extreme cases, the key to preventing mobile spyware is being aware of the permissions requested by apps.
There's too much at stake in organizations today to not take preventive actions. Here are eight steps companies should take to prevent their devices from being infected:
In the easiest scenarios of legitimate apps or browser extensions that overstep privacy bounds to enter spyware territory, simply removing the extension or uninstalling the app should fix the issue. On a traditional computer, removal of spyware may require antispyware or antimalware software as simply uninstalling the malicious software will not remove all components.
On mobile devices, removal of spyware gets more complex with advanced or targeted attacks. Spyware that exploits flaws in a mobile system may embed itself so deeply that it will require a full system reset and reinstallation of the OS from a clean system image.
07 May 2020