As the world becomes more interconnected, integrated and intelligent, mobile
devices are playing an ever-increasing role in changing the way people live,
work and communicate. But it is not just happening in personal life: smartphones
and tablets are also being rapidly adopted by enterprises as new work tools,
joining existing laptops and desktops. The use of mobile devices for both
personal and business purposes has experienced explosive growth in the past few
years and will only accelerate in the near future.
As employees bring mobile devices into the workplace, many organizations are
motivated to encourage their use for business purposes, because they tend to
drive increased employee productivity, reduced IT cost, improved availability
and performance, and easy access to company resources, among others. Likewise,
individuals use their smartphones for online shopping, payments, banking,
business communication, mobile money and utility bill settlement.
However, there are myriad risks associated with the use of smartphones and
tablets for personal or business purposes. General risks and vulnerabilities
include:
- Loss and theft: Small size and high portability make loss and theft top
security concerns when a mobile device is used in the workplace. According to a
mobile threat study by Juniper Networks, 1 in 20 mobile devices was stolen or
lost in 2010. When devices are lost or stolen, all of the data stored on or
accessible from the mobile device may be compromised if access to the device or
the data is not effectively controlled.
- Malware: Mobile device malware—viruses, worms, Trojans, spyware—has been on
the rise over the past few years because most mobile platforms do not yet have
native mechanisms to detect malware. Malware can cause a loss of personal or
confidential data, additional service charges (for example, some malware can
send premium Short Message Service (SMS) text messages or make phone calls in
the background) and, even worse, make the device unusable.
- Spam: With the growth of text messaging, spam—unsolicited communication sent
to a mobile device from a known or unknown phone number—is also on the rise.
- Phishing: "Phishing" is an email or an SMS text message (dubbed "SMiShing")
sent to trick a user into accessing a fake website, sending a text message or
making a phone call to reveal personal information (such as online banking
details in Nigeria) or credentials that would allow the hacker access to
financial or business accounts.
- Bluetooth and Wi-Fi: Bluetooth and Wi-Fi effectively increase the connectivity
of mobile devices within a certain range, but they can be easily exploited to
infect a mobile device with malware or compromise transmitted data.
In view of these threats, the following are some foolproof strategies to adopt:
- Identity and Access: Enforce strong passwords to access the device
(alphanumeric, for example oluwaDamilolA1#). If virtual private network (VPN)
access to the corporate intranet is allowed, include the capability to control
which IP addresses can be accessed and when re-authentication is required for
accessing critical resources.
- Data Protection: Encrypt business data stored on the device and during
transmission. Include the capability to wipe data locally and remotely. Set a
timeout to lock the device when it is not used. Periodically back up data on the
device so data restore is possible after the lost device has been recovered.
Include the capability to locate or lock out the device remotely.
- Application Security: Download business applications from controlled locations
only. Run certified business applications only. Monitor installed applications
and remove those identified as untrustworthy or malicious.
- Integrity Control: Run anti-malware software to detect malware on storage and
in memory. Run a personal firewall to filter inbound and outbound traffic.
Contributions:
IBM Security Services