Remember when people showed up at an office from 9am to 5pm and sat at desk to get stuff done? Some still do, but the reality is that the work culture has shifted dramatically over the past decade, and mobile computing and devices are at the heart of that shift. Thanks to ultrabooks, smartphones, and tablets, combined with 3G/4G cellular connectivity, and free public Wi-Fi hotspots the “office” is really anywhere you happen to be.
That is awesome from an efficiency and productivity perspective, but it also exposes sensitive data and network resources to new risks. In a nutshell, if users can access the personal information of customers from the other side of the world through their smartphone, so can a cyber criminal. If your users can connect to internal network resources from an ultrabook or tablet, then so might an attacker–particularly an attacker that possesses a stolen laptop or tablet that’s already configured to access your network.
It’s a brave new world, but one that requires awareness of the new risks it imposes, so you can properly protect mobile devices and take advantage of the benefits with confidence and peace of mind. Pankaj (PJ) Gupta, CEO and Chief Architect at Amtel–a company that offers an integrated Mobile Device Management and Telecom Expense Management platform for enterprises–shares his thoughts on the top five mobile security threats, along with tips to mitigate and minimize the risks.
1. BYOD—Allowing employees to use their personal devices either in the company setting or to conduct company business can be a recipe for disaster. Aside from the risk of mixing business and personal data, photos, social media activity and more, allowing access to corporate data on a device or network that the company does not own or control can easily allow sensitive information to fall into the wrong hands. Establishing specific rules and guidelines or placing access restrictions on the use of company information and/or apps on employee-owned devices is the first line of defense in thwarting the BYOD risk.
2. Apps management—While there are thousands of incredibly helpful apps on multiple platforms, there are also many that have no place in the corporate environment, from either a productivity or security standpoint. To ensure company data is uncompromised, use a whitelist/blacklist program and software that controls and/or monitors app use to manage what’s available and/or accessible.
3. Productivity drain—While not exactly a security threat, time wasted on games, social networking and other leisure apps can be a serious threat to productivity and competitive position. Geo-fencing, or the use of GPS location boundaries to secure/restrict access to certain apps can solve the problem. For example, companies can set up a geofence that disables Angry Birds and Cut the Rope while within the office building. Geo-fence technology can also be used to restrict features on the device, prohibiting the use of the camera in areas where trade-secret equipment or sensitive documents are kept, for example, or enabling access to data-heavy apps only when Wi-Fi is available to control data costs.
4. Content sharing—Companies may want to be selective about the type of content made available on mobile devices. For example, investor documents, proprietary information and other sensitive material can fall into the wrong hands if the device is lost or stolen. The use of content-sharing controls can secure access to those documents, as well as push automatic updates as documents are changed, to ensure the latest version is always available. Sharing controls can even restrict the ability to transmit documents via a mobile device without proper authorization.
5. Password security—It’s hard to believe that in 2013, passwords are still an issue. Yet, some reports show that roughly half of mobile phone users don’t use a password to protect their device. For those that contain corporate apps or access to company data, that’s a huge security hole just waiting to be exploited. Use of a containerized solution can plug the hole, requiring a separate password or PIN to access corporate data, regardless of whether the device itself is password protected.
I agree for the most part that these are five of the top issues facing organizations when it comes to effectively embracing mobile computing without compromising security. I recommend reading Five Steps to Creating an Effective Mobile Device Policy, and 5 Essential Capabilities of an MDM Solution.