jump to navigation

Mobile Technology Risks and Solutions December 15, 2013

Posted by kristinamensch in Security.
trackback

There are over 6 billion mobile subscribers worldwide [3]. Mobile technology and smartphones are changing the way that people communicate and consume data. Cisco estimates that by the end of 2013 the number of connected mobile devices will exceed the total world population [2], and with a current smartphone user population of over 1 billion people [3] and growing, mobile security and privacy vulnerabilities need to be addresses.

The biggest threat to mobile security and privacy is malware. Malware is usually introduced to the mobile system when users download or update malicious apps or click on infected URLs. Malware is currently more prevalent in the Android OS mobile ecosystem due to its open nature and lack of developer and app verification and testing before it is made available in the Google Play market place and its larger portion of the marketplace. Both the Apple and Windows Phone 8 ecosystems have more stringent centralized testing before apps can be published in their respective store. This testing can eliminate much of the malware, but not all. It is important for users to understand that their smartphone devices are more than just telephones; they are small computers and need to be protected just like their laptop and/or desktop. This includes adding a third party security application. Another solution to the risk of malware is to only download apps from trusted places and update the device when security updates are released.

Another threat to the security and privacy of smartphone data is defined by their mobile nature. The mobility of these devices means that they are constant passing in and out of different networks – both public and private. Mobile users utilize their smartphones for many tasks including email, private personal data in banking or shopping apps, and perhaps even healthcare. This data is stored on the device or in the cloud being accessed by the device over an Internet connection. It is important for users to protect their data by enabling encryption and user authentication in their devices. Smartphone users should also be sure to use a secure browser connection when transmitting sensitive data over a network. Mobile app designers should also be sure to encrypt any data that their application is transmitting to and from the application servers. This will add a layer of protection for the user and their data. Another possible solution is for the application to create a VPN connection with the server for secure data transfer.

Finally, and perhaps most obviously, is the threat of actual device theft. Smartphone users must be sure to maintain physical control of their device at all times to ensure security and privacy. If this fails and a device is lost or stolen the user should take the following precautions to keep their data safe and secure. Users should implement the available device locking (screen lock) mechanism secured with a strong password. They should make sure to enable, either via device registration (iPhone and Windows Phone 8) or third party applications (Android), remote device location and memory wiping services. This will allow the user to locate their device and remove all private and secure data before anyone has a chance to access the data.

With these vulnerabilities in mind enterprise IT policy makers and managers must carefully consider when and how they will allow employee mobile devices to connect to their corporate networks and what data they will have access to. The article 10 Best Practices for Mobile Device Security [1] outlines how enterprise IT departments can mitigate the inherent risks associated with mobile devices. Companies should:

  • Specify what mobile devices employees can use to connect to the organizational network based on the security and control that they allow IT administrators – even if it means that employees may not be able to have the most popular devices.
  • Enable encryption to allow data to flow across a secure connection while the device is being used.
  • Require authentication and password protection to provide basic data security in the event a device is lost or stolen.
  • Set up and use remote locking and data wiping capabilities
  • Provide employees a ‘lost phone hotline’ to quickly protect data in the event the device is lost or stolen.
  • Control the 3rd party applications that can be installed on company mobile devices to reduce the risk to corporate data stored on the device and the corporate network.
  • Set firewall policies to limit the data and applications that networked mobile devices ‘reasonably’ need access too.
  • Install intrusion detection software and monitor mobile network access.
  •  ‘Keep an open mind’ about adding mobile anti-virus software to enterprise devices.
  • Shut down the always-on Bluetooth connection broadcasting unless it is being used.

These mobile security suggestions can be successfully implemented by enterprise IT departments by providing clear policies that have solid support across the organization.

References

[1] Chickowski, Ericka. “10 Best Practices for Mobile Security.” Baseline. February 26, 2009. http://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/ (accessed December 10, 2013).

[2]  Cisco. “Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2012–2017.” Cisco. February 6, 2013. http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-520862.html (accessed December 15, 2013).

[3]  mobiThinking. “Global mobile statistics 2013 Part A: Mobile subscribers; handset market share; mobile operators.” mobiThinking. March 2013. http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats/a#subscribers (accessed December 15, 2013).

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: