The humble mobile phone has moved from being an ungainly status symbol to an essential tool in the modern professional’s workflow. But as a device that access corporate data from outside the company network, it could also pose a significant security risk if not managed correctly.
Device OS and configuration
The choice of mobile phone can have serious implications when it comes to malware, data theft and insecurity. Although none of the major OS choices are invulnerable to attack, some are more at risk than others.
Blackberry and Apple’s iOS are commonly regarded as the most secure options because they are the most restrictive in terms of what developers can do – this makes writing viruses and Trojans that steal data very difficult. Android on the other hand is much more open, allowing users to install apps from any source, and increasing the risk of installing a compromised app that could cause problems for your IT team.
According to statistics from security specialist F-Secure, Android accounts for 97% of all mobile malware infections. The other 3% was found on the now-retired Symbian platform.
To avoid problems, smartphone users should be encouraged to only install software from official app stores which has been vetted to ensure it is clean from infections.
On device security protections
Some studies suggest that as many as 44% of smartphone users do not have a PIN lock enabled on their screens. This is particularly worrying for IT managers as other studies reveal that 65% of smartphone owners use them to access company email and other corporate resources.
In the event that one of these “unlocked” handsets is stolen, the thief has direct access to the company network, allowing them to steal intellectual property or other important staff and client data.
If your smartphone users are going to use their personal devices on the corporate network, you should make it a requirement that employees enable their handset pincodes or passwords as standard.
Wireless network usage
“Free” WiFi seems to be everywhere, making it easier than ever for smartphone users to get online. However these public WiFi hotspots are not always as innocent as they seem. Almost all of them will record what users “do” when online, ready for data mining and marketing purposes.
This then gives these hotspots the potential to be profitably compromised by hackers, allowing them to capture and steal data as it passes through the access point. Sensitive data like logons and passwords can be intercepted, and could then be used to hack your corporate network.
To avoid these issues it is important that users be educated about the potential hazards posed by “fake” WiFi networks and the importance of avoiding unsecured networks for accessing corporate data. Wherever possible, you should provide mobile VPN connectivity to encrypt data between their handset and your network, preventing interception of traffic.
The BYOD workflow and smartphone technology revolution has great potential to improve business efficiency. But the security issues outlined above need to be carefully handled by each business, to avoid the equally great potential for damage through mobile phones.
Leave a Reply