IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Smartphones and Tablets = Risky Business
Sun, 1st May 2011
FYI, this story is more than a year old

Smart gadgets can be a significant force multiplier for mobile workforces, allowing staff to spend more time on the job and less time at their desks. But there is an alarming complacency when it comes to mobile devices and security. That is risky, as 2011 looks set to be the year of mobile malware.The biggest mistake is to think of mobile devices as merely phones or tablets. Instead users need to think of them as portable computers – with all the strengths and weaknesses that come with the territory. Enterprises need to approach mobile security with the same methodical attention to detail that they apply to traditional desktop security, especially as mobile devices are entrusted with more and more sensitive corporate data.With millions of overly trusting users and a rapidly growing market, mobile devices represent an irresistible target for cyber criminals. Add to this a more than 40% rise in the number of reported new mobile operating system vulnerabilities in 2010, and the bad guys now see mobile platforms as easy targets.As with most technologies, the biggest security threat with mobile devices is end-user behaviour. While organisations can put various levels of protection in place, these protections need to work in conjunction with clear and effective Acceptable Use Policies – ensuring staff can get the most from their devices without putting the organisation at risk.Just as employees are given clear guidelines on how work computers are to be used outside the office, the same should be applied to smartphones and tablets. The policies need to cover the use of both work and personal mobile devices in the enterprise.Security for mobile devices within enterprises must start with using a PIN or password to restrict access to mobile devices if they’re lost or stolen. It’s important for users to regularly back up important corporate data on their devices, whether it’s to their desktop machines or a secure cloud storage service. Remote lock and wipe features are also important for dealing with lost devices, to ensure sensitive data doesn’t fall into the wrong hands.2010 saw a more than 90% increase over 2009 levels in the volume of web-based attacks. It’s typically much harder for users to check and verify the legitimacy of URLs displayed on mobile devices. Thus it’s much easier for the bad guys to get away with their phishing and social engineering based attacks. Cyber criminals have also been known to use text messages to lure unsuspecting users onto web sites containing scams and malicious code.As with notebook computers, organisations also need to develop clear policies when it comes to connecting smartphones and tablets to other networks, especially public Wi-Fi hotspots. Such open networks often run without encryption turned on, which make it easy for others to eavesdrop on traffic, extracting passwords and other sensitive information. If users are granted generous monthly mobile broadband limits then using public Wi-Fi hotspots may be unnecessary.If it is necessary to use public networks, running a Virtual Private Network connection to the device can be effective in protecting sensitive information. If a secure Internet connection can’t be established, then users need to refrain from connecting back to office resources or "in the cloud” services. No working, banking, shopping, accessing sensitive sites or conducting company transactions should be tolerated over non secure connections.Many smartphones and tablets support Wi-Fi and Bluetooth connections and have GPS devices embedded. By turning off these functions when not required, users can ensure their privacy and enterprise data is safe.When downloading and installing new applications on mobile devices, users need to be extremely mindful that the provider is trustworthy. They need to be reminded to be careful about the permissions they give to new applications so as to ensure they don’t unknowingly share sensitive information. And if they have stopped using an application, they should remove it.Smartphones and tablets are proving to be invaluable tools for a mobile workforce, but it’s important to take mobile security seriously, so you ensure your devices are working for you and not against you.