Spyware comes in many forms -- for example, delivered as a Trojan in the form of a browser extension or a mobile app that oversteps necessary permissions or as malware via phishing attacks.
While the common thread between variants of spyware is the intent to steal personal information from a device, the ultimate aim behind obtaining that information can vary greatly. As such, a combination of security controls and user education and awareness is key to preventing spyware from infiltrating an enterprise.
All employees must understand that spyware browser extensions may appear legitimate but will track internet activity and record user behavior in order to monetize that information, either by selling the data or serving ads against it. Keyloggers and information stealers, two other types of spyware, also infect computers to steal data.
While these spyware variants are still common, spyware is increasingly found at the nexus of personal data and communication: smartphones.
Mobile spyware, depending on complexity, can record the same data found on traditional PCs but with the addition of call logs, text messages and location data. More advanced, targeted spyware can also access a mobile device's camera, microphone or encrypted messaging communication. In all but the most extreme cases, the key to preventing mobile spyware is being aware of the permissions requested by apps.
Spyware prevention best practices
There's too much at stake in organizations today to not take preventive actions. Here are eight steps companies should take to prevent their devices from being infected:
- Educate users. Employees need to be given spyware prevention tips; this is the most important step. Offer examples of what can happen when spyware infects a device and how not only corporate data, but also their personal information is at risk. Employees will learn better if the risks are described as how an attack affects them, not just how it will impact the business. Employee education also includes the following:
  - being taught to pay attention to the permissions and access rights given to browser extensions and mobile apps;
  - never installing mobile apps on a device -- personal or company-provided -- from a source outside of Apple App Store on iOS or Google Play Store on Android; and
  - being warned to be wary of phishing emails and text messages, as many targeted spyware attacks use these tactics to lure victims to fake websites or to download malware.
- Keep mobile apps and OSes up to date. Many spyware attacks have been known to exploit unpatched flaws.
- Use the appropriate security software. Organizations should install antispyware or antimalware software on every company-supplied computer or phone and administer policies to limit the browser extensions and apps users can install.
- Aim for centrally managed antispyware software if budget permits. Be sure to install spyware protection and cleaning utilities before a suspected infection, rather than putting them on systems after they're deployed. And, as remote users become more common, ensure their systems receive the proper antispyware, antimalware and other software updates.
- Use a layered defense. There is a greater chance to successfully defend against spyware if antispyware and antimalware are combined with a firewall and an endpoint detection and response system.
- Harden all systems. These hardening tricks are easy to implement and can be pushed out via Active Directory Group Policies.
- Create practical and effective email security policies.
- Conduct spam and content filtering for inbound email. This mitigates the risk of spyware being delivered via a phishing attack.
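The steps above on watching extension permissions and limiting what users can install can be backed by an inventory check. The following is an added example, not part of the original article: it parses browser extension manifest.json data and flags extensions outside an approved list that request broad access. The high-risk permission set, the extension IDs and the sample manifests are assumptions constructed for illustration.

```python
import json

# Permissions that allow broad observation of browsing or input.
# Illustrative selection (an assumption), not an official risk list.
HIGH_RISK = {"tabs", "history", "webRequest", "cookies", "clipboardRead",
             "nativeMessaging", "debugger", "management", "proxy"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")


def audit_manifest(ext_id, manifest, allowlist):
    """Summarise the risky access one parsed manifest.json declares."""
    declared = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 separates them.
    for key in PERMISSION_KEYS:
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts gain page access through their match patterns.
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))
    high_risk = sorted(declared & HIGH_RISK)
    broad_hosts = sorted(declared & BROAD_HOSTS)
    return {
        "id": ext_id,
        "name": manifest.get("name", "<unnamed>"),
        "high_risk": high_risk,
        "broad_hosts": broad_hosts,
        # Approved extensions are reported but not flagged.
        "needs_review": ext_id not in allowlist and bool(high_risk or broad_hosts),
    }


# Constructed sample data: IDs, names and manifests are invented for the example.
ALLOWLIST = {"a" * 32}
SAMPLES = {
    "a" * 32: '{"name": "Corp Password Manager", "manifest_version": 3,'
              ' "permissions": ["tabs", "storage"], "host_permissions": ["<all_urls>"]}',
    "b" * 32: '{"name": "Coupon Helper", "manifest_version": 2,'
              ' "permissions": ["tabs", "webRequest", "history", "*://*/*"]}',
    "c" * 32: '{"name": "Dark Theme", "manifest_version": 3, "permissions": ["storage"],'
              ' "content_scripts": [{"matches": ["https://intranet.example/*"], "js": ["t.js"]}]}',
}


def audit_all(samples=SAMPLES, allowlist=ALLOWLIST):
    return [audit_manifest(i, json.loads(raw), allowlist) for i, raw in samples.items()]


if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Extensions with needs_review set are the ones to check against the install policy; allowlisted extensions still have their access listed so that approvals can be revisited.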
How to remove spyware
In the easiest scenarios of legitimate apps or browser extensions that overstep privacy bounds to enter spyware territory, simply removing the extension or uninstalling the app should fix the issue. On a traditional computer, removal of spyware may require antispyware or antimalware software as simply uninstalling the malicious software will not remove all components.
On mobile devices, removal of spyware gets more complex with advanced or targeted attacks. Spyware that exploits flaws in a mobile system may embed itself so deeply that it will require a full system reset and reinstallation of the OS from a clean system image.