Smartphone Security: It's Tough, But It's Still Your Problem


Smartphones and other mobile devices are inside your organization, and they aren't going anywhere. And, as our Carl Weinschenk has recently reported in his blog, they aren't particularly secure.


Recent surveys have found that malware attacks are increasingly targeting mobile platforms, and that those platforms have some fairly gaping security holes - for example, many of them store usernames in plain text. That's not good.


If you are evaluating an overall mobile device security strategy for your organization, you should check out the report Guidelines on Cell Phone and PDA Security from the National Institute of Standards and Technology. The 51-page PDF is available for free download to IT Business Edge members here in the IT Downloads library.


In addition to reciting the long list of security issues that can surface with mobile devices - for one thing, they are really easy to lose - the report's executive summary provides a laundry list of administration and security features available through mobile management solutions.


These capabilities include:


  • Installation of client software, policy rules and control settings
  • Remote password reset
  • Remote erasure or locking of the device
  • Remote diagnostics and auditing
  • Denial of services to non-compliant or unregistered devices


The report, as all NIST publications do, then takes a deep dive into the security threats and mitigation tactics you should consider when managing mobile devices. The report comes at the issues from the perspective of company-issued devices that are under the explicit control of IT. That may not be the case in your shop in the age of the iPad, but you're certain to find some tactics that you can employ, either through policy or management technology.


Some measures you can implement almost immediately:


Be sure that all local security measures are implemented on your users' smartphones. Before you let users POP their email on their phones, be sure that at a minimum they have log-in and inactivity log-out activated. It's simple, but it is the first step to stopping someone who finds a lost device from casually checking out your company's private info.


Do a formal risk assessment. The migration of smart mobile devices (company-issued or otherwise) has been taken as a given for years now, but that doesn't mean that you should not quantify the risks they pose to the business. An ongoing risk evaluation might result in the business deciding to impose stricter controls on devices; it might, at least, help you define a fallback position if something goes wrong.


Establish a formal smartphone use policy. Having users sign off on a contract that outlines acceptable smartphone use - and the penalties for policy breach - drives home the point that your company is serious about mobile security. It is also a vital part of a user training program, which is itself a key step in making sure your mobile devices are as secure as possible.
