Wednesday, 18 June 2014

Securing Your Loose Ends (Smartphones and Tablets)




As the world becomes more interconnected, integrated and intelligent, mobile devices are playing an ever-increasing role in changing the way people live, work and communicate. But it is not just happening in personal life: smartphones and tablets are also being rapidly adopted by enterprises as new work tools, joining existing laptops and desktops. The use of mobile devices for both personal and business purposes has experienced explosive growth in the past few years and will only accelerate in the near future.

As employees bring mobile devices into the workplace, many organizations are motivated to encourage their use for business purposes, because they tend to drive increased employee productivity, reduced IT cost, improved availability and performance, and easy access to company resources, among other benefits. Likewise, individuals make use of their smartphones for online shopping, payments, banking, business communication, mobile money and utility bill settlement.

However, there is a myriad of risks associated with the use of smartphones and tablets for personal or business purposes. General risks and vulnerabilities include:

  • Loss and theft: Small size and high portability make loss and theft top security concerns when a mobile device is used in the workplace. According to a mobile threat study by Juniper Networks, 1 in 20 mobile devices was stolen or lost in 2010. When devices are lost or stolen, all of the data stored on or accessible from the mobile device may be compromised if access to the device or the data is not effectively controlled.
  • Malware: Mobile device malware—viruses, worms, Trojans, spyware—has been on the rise over the past few years because most mobile platforms do not yet have native mechanisms to detect malware. Malware can cause a loss of personal or confidential data, additional service charges (for example, some malware can send premium Short Message Service (SMS) text messages or make phone calls in the background) and, even worse, make the device unusable.
  • Spam: With the growth of text messaging, spam—unsolicited communication sent to a mobile device from a known or unknown phone number—is also on the rise.
  • Phishing: “Phishing” is an email or an SMS text message (dubbed “SMiShing”) sent to trick a user into accessing a fake website, sending a text message or making a phone call to reveal personal information (such as online banking details in Nigeria) or credentials that would allow the hacker access to financial or business accounts.
  • Bluetooth and Wi-Fi: Bluetooth and Wi-Fi effectively increase the connectivity of mobile devices within a certain range, but they can be easily exploited to infect a mobile device with malware or compromise transmitted data.

In view of these threats, the following are some foolproof strategies to adopt:

  • Identity and Access: Enforce strong passwords to access the device (alphanumeric = oluwaDamilolA1#). If virtual private network (VPN) access to the corporate intranet is allowed, include the capability to control which IP addresses can be accessed and when re-authentication is required for accessing critical resources.
  • Data Protection: Encrypt business data stored on the device and during transmission; include the capability to wipe data locally and remotely; set a timeout to lock the device when it is not in use; periodically back up data on the device so data restore is possible after the lost device has been recovered; include the capability to locate or lock out the device remotely.
  • Application Security: Download business applications from controlled locations only; run certified business applications only; monitor installed applications and remove those identified as untrustworthy or malicious.
  • Integrity Control: Run anti-malware software to detect malware on storage and in memory; run a personal firewall to filter inbound and outbound traffic.



Contributions: IBM Security Services
