Most people still think that the security concerns of using work-related mobile devices are limited to leaving your iPhone in an airport bathroom. But the proliferation of mobile devices is presenting a new set of security challenges to businesses that encompass the same wireless and application security issues we’ve been dealing with for the last few decades.
If your employees use mobile devices to access sensitive company data wirelessly while outside the office, here are three areas of concern for your security department.
Lost Mobile Devices
The most obvious are of concern for security is the inherent mobility of mobile devices. Unlike the desktop computers of the past, employees use their mobile devices to access their work while on the go outside of the office. So if a device is lost or stolen, it is the security equivalent of a five alarm fire. A smart hacker can bypass the basic protection features and look for unencrypted credentials and cached sensitive data. It’s very difficult to detect such unauthorized access on your network when it is originating from an approved device. However, the simplest preventative measure one can take is to have a way to remotely wipe data from a mobile device in the event it is lost.
We all knew that it was just a matter of time before the same kinds of malware that have been the bane of PC users for the last decade would begin to target mobile devices. Poison text messages grew 300% in 2010 and 400% in 2011. Right now, about 1 out of every 100 texts you receive is a scam to get you to sign up for some worthless service that charges you a monthly fee or download an app that will try to access your email, steal credentials from mobile banking applications, or read your passwords. App installation is the most common method of infection and Android’s open source software is most often the target; however, BlackBerry and iOS users are not immune. Users should be advised to only download apps from reputable sources and be extra suspicious of free apps.
Sometimes security vulnerabilities do not originate from the device itself, but from the outside sources it uses. Often mobile applications have a server component that the client interacts with, such as an HTTP or Web Service formats. That server may have its own set of security issues beyond the control of the user. They may be subject to command injection, business logic, application logic flaws, and cross-site scripting. Attacks that prey on weak servers can steal access credentials from unwitting users who use the mobile application.
Despite these serious concerns, it does not mean that businesses should discontinue utilizing mobility in favor of security. There are steps that can be taken to address these potential security issues that any business can follow. This video can walk you through managing your mobile devices by creating a secure environment.