It is no secret that viruses and malware are prevalent in today’s digital world. Recent attacks on large companies Target, Adobe, and Zappos within the last year have started to raise serious concerns regarding the safety of personally identifiable information (PII) storage and protection. As if things couldn’t get worse, this threat is expected to start becoming more frequent on mobile platforms, particularly smart phones.describe the image

The driving factor behind these attacks is the introduction of mobile currencies, like Dwolla or Google Wallet, branchless banking, and the big move to the cloud. All three of these put very sensitive data at the tip of our fingers, but also create another gateway for hackers to exploit. High turnover on these devices also means frequent refreshes and the responsibility of making sure they are properly destroyed to prevent data breaches after their use.

Hackers and data thieves are always going to find a way to get what they want, and in most cases they are ahead of the curve. There are early signs that they will soon make a big push toward malware attacks on smart phones. Last year saw an increase in the number of mobile devices targeted by hackers. Of all the devices attacked, 99% of them were targeted at Android devices.

This may put iOS users at rest, but not for long. Being that Android is an open source type software, it is much easier to design and test malware around that platform than the more proprietary iOS. Android also has more users in the U.S. (~53%) and globally (~70%) than Apple, so hackers are able to reach more individuals. With that being said, the targeting of specific devices (smart phones, tablets, etc.) only accounted for 1.2% of all malware encounters in 2013. So while the threat was low last year, this number can quickly climb.

Like all other aspects of technology usage in the workplace (implementing, retirement, disposal), there will need to be new policies and compliance around the usage of these devices to make sure end users aren’t putting themselves at risk to exposure. This policy should also include the implementation of the device and what should be done with the device once it is no longer in use.