Smartphone Security: Alarming Complacency Among Mobile Users
Most consumers are unaware of the security risks associated with their smartphones.
I know that for years BlackBerry was the smartphone of choice for enterprise use, and with good reason: It is the most secure. But the increased personal use of devices using Android and iOS platforms are also making their way into corporate America. As more than one security expert said to me: When the executives come in and say they like to use a particular device, it is time for the IT staff and the security staff to prepare to add new technology to their repertoire.
Android, as you probably know, has jumped to the front of the pack as the smartphone platform of choice, and with it comes the increase in malware and attacks on Android vulnerabilities. Concerns of iOS security are also on the rise.
If you've read my blog long enough, you know that I am a strong proponent of having a good and effective security policy - not just for the office, but for home and personal use, too, since the lines between work and home have blurred. And that's why I loved a column by Eric B. Parizo at SearchSecurity.com. He is promoting the idea of businesses coming up with a specific security policy for Android devices. The recent McAfee report showed the need for taking Android security seriously, and since there are issues that surround Android that aren't usually a problem for other platforms (particularly the vetting process involved in the various app markets), having a policy in place that specifically focuses on the issues surrounding Android security and use makes a lot of sense.
Why a specific security policy for smartphones or mobile devices? Because a surprising number of people are ignorant about how their phone works and what can happen to it if you aren't taking precautions. Even little, easy steps like password-protecting the phone, are ignored. One of my friends commented about how my phone "makes" me type in a password before I can use it, while hers just locks and all she has to do is swipe it to open. She assumed that kept her phone secure and the differences between our phone "security" had to do with the platform.
Providing both generic and individual policies should help both the business and the individual user in the long run. Of course, the next trick is implementing and enforcing the policy, but that's a post for another day.