As the number of smartphones capable of accessing enterprise resources increases, it’s important to remember that smartphones operate more like a computer than a phone. Smartphones work so well as a portable office because they have the capability to browse the Internet. That capability means your employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.
We’ve put together this list of vulnerabilities inherent in the current generation of mobile devices, and then outlined the elements necessary to patch those security gaps.
The IT Business Edge Knowledge Network also provides several resources for establishing guidelines for mobile device use within the enterprise.
- Abilene Christian University Smartphone Policy
- Guidelines for Cell Phone and PDA Security
- User's Guide to Securing External Devices for Telework and Remote Access
- Wireless Security Access Policy
Also see: Smartphones that Work for Business
There has been a dramatic increase in phone phishing attacks, both in voice calls (vishing) and in text messages (smishing). These attacks usually start with a prerecorded message alerting users to a potential breach of their account information, with a prompt to call and verify their account information. Credit card fraud appears to be the primary topic of the attacks, with credit unions being the businesses most hurt.
The Web-based capabilities of smartphones open them to a wide variety of malware attacks. Recently, hackers planted a virus in Windows smartphone video games. This malicious software would dial premium-rate telephone services in Somalia, Italy and other countries, often running up hundreds of dollars in charges in a single month.
Given the amount of interconnectivity and unchecked access each handset generally has to important personal and company-based information, losing a phone can be devastating. Most users enjoy the quick, easy access of clicking a few buttons to get to their favorite apps, and never consider that a lost, unsecured phone leaves a plethora of access points wide open to whoever finds the handset.
Nearly 20 percent of smartphone applications allow third parties to access private information. Some of these programs are capable of automatically dialing a phone number or sending an SMS without the user’s knowledge, posing a potential threat to privacy and confidential information.
Additionally, geographically based services are a great way to get directions and information on local businesses, but if this information is being published globally, it can be a gold mine for advertisers, stalkers and thieves.
Employees are an organization’s weakest link and phishing attacks are only limited by the creativity of the perpetrator. Although there is no way to stop attacks entirely, training employees to recognize phishing scams before they respond to them can greatly reduce your risk from this type of attack.
Get the word out to all workers who touch the network on what exactly they can and can’t do. Organizations need to clearly document and publicize policies for their users; specifically, IT should create different policies for different user groups. These policies should be given directly to employees, who should then have a chance to review them and sign off that they have received them.
IT must have a strategy for finding and tracking all devices — both rogue and corporate approved. Clearly, no enterprise can introduce mobility without management software that tracks, configures and secures mobile devices. In both homogeneous and heterogeneous mobile environments, organizations need an inventory management tool that:
- maintains accurate inventory records on devices, users and applications
- monitors device state with details about the hardware and installed applications
- updates applications with targeted deployments
- provides fast assistance to frontline employees with hardware or software problems
- includes a detailed audit trail that guarantees that corporate security policies and procedures aren’t compromised when devices are lost or stolen
- finds and locks down lost devices
Once you have a handle on assets, you need to determine how to authorize devices and provision them for particular capabilities on the network. For example, clearly define exactly what sorts of devices are permitted behind the firewall. You may spell out that platforms such as Apple, BlackBerry, Symbian and Windows Mobile are approved, while those on another list are not.
One of the greatest challenges in data security is protecting a moving target. With smartphones and other mobile devices, developing a good security plan can be a complex project, further complicated by adding in the layers of security necessary for different devices and different users.
To begin, it is essential to ensure that smartphones are up-to-date with the latest security patches, firewalls and antivirus/anti-spam software. It’s also a good idea to encrypt everything that is of even marginal value. Better yet, just encrypt everything. Physical security measures such as auto-locking and password lock should also be activated in case the smartphone is lost.
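As an added illustration (not part of the original article), the sketch below audits a constructed device inventory against the approved-platform list and the baseline controls described above, and flags devices seen on the network that are missing from the inventory. The field names, sample records and 30-day patch threshold are assumptions.

```python
from datetime import date

# Platforms the article gives as its example of an approved list.
APPROVED_PLATFORMS = {"Apple", "BlackBerry", "Symbian", "Windows Mobile"}
MAX_PATCH_AGE_DAYS = 30  # assumed threshold, not taken from the article

# Constructed inventory records; field names are hypothetical.
INVENTORY = [
    {"id": "dev-001", "platform": "BlackBerry", "encrypted": True,
     "auto_lock": True, "passcode": True, "last_patched": date(2010, 5, 20)},
    {"id": "dev-002", "platform": "OtherOS", "encrypted": True,
     "auto_lock": True, "passcode": True, "last_patched": date(2010, 5, 25)},
    {"id": "dev-003", "platform": "Apple", "encrypted": False,
     "auto_lock": True, "passcode": False, "last_patched": date(2010, 3, 1)},
]
# Constructed list of device ids observed on the network.
SEEN_ON_NETWORK = ["dev-001", "dev-002", "dev-003", "dev-999"]

def audit_device(dev, today):
    """Return the list of policy findings for one inventoried device."""
    findings = []
    if dev["platform"] not in APPROVED_PLATFORMS:
        findings.append("platform not approved")
    if not dev["encrypted"]:
        findings.append("storage not encrypted")
    if not dev["auto_lock"]:
        findings.append("auto-lock disabled")
    if not dev["passcode"]:
        findings.append("no password lock")
    if (today - dev["last_patched"]).days > MAX_PATCH_AGE_DAYS:
        findings.append("security patches out of date")
    return findings

def audit_fleet(inventory, seen_ids, today):
    """Audit every device seen on the network; unknown ids are rogue."""
    known = {d["id"]: d for d in inventory}
    report = {}
    for dev_id in seen_ids:
        if dev_id not in known:
            report[dev_id] = ["rogue: not in inventory"]
        else:
            report[dev_id] = audit_device(known[dev_id], today)
    return report

if __name__ == "__main__":
    for dev_id, findings in audit_fleet(
            INVENTORY, SEEN_ON_NETWORK, date(2010, 6, 1)).items():
        print(dev_id, "OK" if not findings else "; ".join(findings))
```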
The trend of mobility as a service is becoming quite popular as enterprises turn to established carriers such as Verizon or Vodafone and sign up for managed services, including mobile device management, mobile security and application security. With no capital expense required, mobility-as-a-service offerings are becoming much more prevalent and a viable option for organizations that want to mobilize the workforce, but do not have the internal resources available to support them.