According to research carried out by Gartner, smartphones may be endangering
company security as their popularity continues to grow.
More and more employees are using smartphones instead of laptops to access
company email and connect to company networks when they are out of the
office.
Sales of mobile devices in the second quarter of this year grew 16.5%
year-on-year, whilst for smartphones the figure was 74%, accounting for 25% of
overall sales. This has risen 17% since the previous quarter in business
sales.
Wick Hill Group plc have warned that this raises key issues pertaining to
security which companies have given little or no thought to.
It is thought the biggest threat is that these devices are more often lost
or stolen than many of the larger devices, such as laptops and netbooks.
Research by getsafeonline shows that 1 in 5 smartphone owners can expect to,
or have, lost their device at some point. It is also thought that people
consistently lose their phones in London taxis and there is “a fairly
consistent 10,000 per month” devices left in the vehicles.
It is also believed that phones connected to a VPN could be at risk of
becoming infected with malware or being hacked.
Philippe Winthrop, an analyst at consultancy Strategy Analytics , commented:
“If I take your device and muck around with it, what if the VPN is set up on
it? It’s a huge risk not being dealt with enough today.”
Getsafeonline’s Tony Neate says: “Users must remember that they are
essentially carrying around a tiny laptop with a wealth of personal information
that is very attractive to fraudsters.”
Smartphone security has become high profile recently as the infection rate
in Android devices has risen dramatically. Many don’t realise that there is a
need for security software to be installed on the devices, leaving them open to
different kinds of attack.
Security experts have warned that smartphones now represent the easiest way
for criminals to steal personal information and use information
fraudulently.
Bearing this in mind, it is more important than ever for companies to have
security policies and implement protective measures across the business.
This is especially true when companies allow employees to use their devices
for both business and personal use.
The mixture of voice and data also means that firms have failed to take into
account the additional security issues that this could raise, especially when
it comes to secure connections.
According to the report, there are a number of steps that businesses can
take to better protect devices used by employees.
These include setting up a PIN in order to secure the phone and not relying
on default settings.
There should also be a facility which allows the data on the device to be
wiped if a criminal should attempt to enter the pin more than three times.
A central management system should be set up in order to prevent a phone
being used in the event that it is lost or stolen.
Another recommended step is to install GPS tracking and a “SIM watch” which
sends any new number back to the company if a new SIM is placed into the
handset.
As with personal phones, it is also a good idea to make a note of the IMEI
numbers of company phones. If a device is lost or stolen, the number is placed
on a database and blocked, meaning that it can no longer be used.
Further useful advice is to simply treat the devices as you would a PC and
train employees to take care when opening mail or clicking on links.
As with computers on a network, companies should install antivirus solutions
and ensure that these are properly licensed and kept up to date.