Vendor Accent
Security and your mobile device
Vishal Dhupar comments on the emerging threat landscape
affecting mobile devices
Before
enterprise networks became mobile, organizations were able to contain their
data within four physical walls. Most, if not all, companies safeguarded
information with minimal points of entry to protect. Advances in mobile
technology now allow people to access a corporate network or personal financial
information from virtually anywhere. The virtual office has increased productivity,
but it has also introduced the challenge of protecting confidential data and
securing multiple wireless endpoints including laptops, PDAs and smartphones.
Mobile devices now provide users the ability to access information anywhere
and anytime. Much like computers, mobile devices contain corporate and personal
data such as email, spreadsheets, financial information, phonebooks, and pictures.
Accessing information and networks remotely through wireless devices without
the proper security in place opens up individuals and organizations to a new
set of threats targeting their information and infrastructure.
Emerging Threat Landscape
Mobile devices are the fastest growing device segment. With the expanding adoption
comes increased vulnerability to threats. While still in a stage of infancy,
mobile virus variants have doubled every six months from 2004 to 2006, showing
a growing trend toward mobile devices as the hackers' next destination.
As a result, analysts predict that companies will spend one billion dollars
on mobile security and anti-virus software by 2008.
While hackers once attacked for notoriety, today's attacks tend to be more
inconspicuous and profit-driven. Mobile phone users not only send emails and
edit documents, but also check stock portfolios and conduct financial transactions
from their phones. Mobile devices are now full of sensitive personal data, making
it easy for criminals to steal identities and fraudulently collect personal
financial information.
The most common way attackers gain access to confidential information is through
the loss or theft of a mobile device. As data such as credit card, bank
account and social security numbers are increasingly being stored in mobile
phones, criminals are seizing the opportunity to capture that information from
careless wireless users. With the size and portability of these devices,
the loss or theft of a mobile phone has become a reality.
In addition to the loss and theft of mobile devices, worms and Trojans, as well
as spam and phishing are beginning to make their way to smartphones. Also known
as SMiShing, these threats use SMS to transport spam and phishing attacks to
the user's phone, jeopardizing confidential information. Another
threat targeting smartphones is spyware, also known as Snoopware. Snoopware
can secretly activate the microphone and camera on a device to snoop on conversations
and other dialogue in the immediate vicinity of the phone. This particular
threat can be especially dangerous to users who may pass along sensitive business
and personal data in conversation. Though threats to smartphones are in their
early stages, security experts speculate that such attacks will likely continue
to increase.
To ensure corporations and users keep their confidential business and personal
information safe, policies must be set in place to protect both companies and
users when they are accessing critical information from mobile devices.
Best practices for safeguarding mobile devices
In a recent survey, two out of three smartphone users said they store confidential
data or proprietary information on their devices, and one out of two said they
do not have corporate security rules for confidential data on smartphones.
These numbers drive the increased need for proper mobile security measures to
be taken. Mobile device users and enterprise IT administrators must arm
themselves with security best practices and software.
IT administrators should put together a policy that communicates the following
best practices to their users to protect corporate data residing on handheld
devices:
- Adopt a multi-layer security approach to mobile
security: Protect mobile devices with antivirus, firewall, anti-SMS spam,
and data encryption technologies and install regular security updates to protect
phones and corporate information from viruses and other malware. Organizations
should provide this technology to their employees and teach them how to use
it properly.
- Encourage employees to be vigilant about personal
security: Do not leave handheld devices lying out on a café table
or in an outside pocket of a purse or backpack. Caution employees against
carrying their device in a jacket or any other place where a pickpocket
could easily snatch it.
- Set policies to password-protect handhelds:
Ensure that employees use strong passwords and PINs, and change them frequently
to make it difficult for thieves to access confidential information.
- Regular backups: Employees should schedule
regular backups for handhelds just as they would for their PC or Mac.
- Use only secure wireless connections: Employees
should be encouraged to use only secure wireless connections when accessing
the corporate network remotely; if you are unable to find one, save important
transmissions until you can connect to a secure environment.
Disable Bluetooth and wireless signals when they are not in use. Bluetooth
headsets should be paired exclusively with one employee's handheld device.
Teach employees to develop discriminating behavior toward pop-ups. Employees
should not automatically accept download or update requests, especially
if they pop up in quick succession.
In this mobile world, using smartphones for everyday tasks
such as sending e-mail messages or banking online should be a convenience, not
a worry. This also holds true for corporations. Corporations that have
these devices available to their employees should establish best practices as
official policy to ensure their information is secure. Executives and consumers
alike should feel safe in accessing confidential information without having
to fear it will end up in the wrong hands. By using these tips to safeguard
your mobile device, you can feel safe and confident performing tasks via your
phone.
The author is the Managing Director of Symantec India