Guest Blog by Chris Stier, Managing Director of the Americas, NQ Mobile
(Download our infographic. Chris Stier’s RCA presentation: Mobile Security – Protecting Your Customers and Your Network, is scheduled to be delivered at 2:45 p.m.tomorrow at the Rural Carriers Association Spring Expo in Orlando, FL)
Smartphones, tablets and mobile computing devices have seen explosive growth on today’s wireless networks. While the proliferation of these devices provides tremendous benefits for wireless carriers and their subscribers, they also expose carrier networks and subscribers to malicious attacks from a whole host of viruses and malware. Dealing with this exposure
is further complicated by the number of smartphone operating systems, i.e., Android, iPhone, Windows Mobile, RIM, and Symbian. In this session, you will learn about the very real and growing threat of virus and malware attacks on mobile devices worldwide. We will discuss actual case studies and examples of mobile malware threats that are resulting in financial, data theft and privacy intrusion. Additionally, you will learn about approaches and technologies that you as a carrier can use to help protect your subscribers and your networks from these malicious attacks.
Due to the proliferation of smartphones over the past five years, we now live in a world where our lives are on our mobile phones. Consumers today have the ability to access their information – through social networks, bank accounts, or corporate e-mail accounts – anywhere, anytime thanks to smartphone. Of course, this also means that their most important data—including contacts, banking details, social networking account info, and even corporate emails and sensitive corporate data—are also stored on their phones.
There’s no doubt about it. This trend will continue over the next few years. Smartphone shipments are now outpacing PCs in many areas of the world, and smartphones are quickly becoming pocket-PCs, creating a new realm of opportunity for cyber criminals and a whole new area of concern for IT teams. Mobile malware is rapidly spreading, as hackers and malware authors take advantage of major flaws in mobile security. As a result, IT leaders are facing a unique problem because people are bringing their own devices into the work environment, making it hard for companies to prevent these threats from doing harm to both the employees and businesses.
Employees and IT managers are simply not prepared for a world running on handhelds. While most PC users understand the need to secure their desktop and laptop computers, smartphone users and businesses are only starting to recognize the need for mobile security. Cyber criminals are well aware of this and now focusing on mobile scams, particularly the most profitable ones that allow them to steal sensitive data from businesses.
This is a major concern for IT and business leaders. Not only are consumers using their unprotected mobile devices to shop, bank, stay in touch and socialize, they’re also using their mobile devices to access sensitive corporate data. When you consider that the average cost of a corporate data breach is $7.2 million and the use of personal devices for work purposes greatly increases the risk of data breaches, it’s clear that mobile security is a fundamental need for both smartphone users and the companies they work for.
If companies fail to ensure their employees, who are using their corporate resources, are equipped with mobile security offerings, they’re at high risk of data loss and other threats. The good news is that, by taking the time to secure their employees’ corporate mobile devices and data, and teaching them to protect their personal devices, they’ll fully realize the potential of using mobile devices without the hassles.
IT’s main challenge is to strike a balance between efficient practices and a reasonable policy for the secure use of mobile phones. Some businesses have developed strict guidelines to protect corporate data and sensitive information, such as restricting smartphone use to email and phone calls, and prohibiting any downloads without the advance approval of the company’s tech team. Other organizations issue company-owned mobile phones for business, and limit their use to activities that are secured within the company’s own network. However, whether it’s allowed or not, many people bring their own mobile phones to work and use them for business purposes without much thought about security.
When it comes to personal smartphone use, corporations often place security responsibilities in the lap of the individual user, and may offer support and security information through a company website. A typical employee who uses a smartphone does so for business calls, emailing, customer or contact data, credit card payments, document retrieval and GPS assistance, as well as social networking, if this is important to the company’s marketing efforts. Each one of these activities can attract malicious intruders that can enter sensitive areas of the company’s internal network.
A sound corporate policy might start with the simple mandate of locking and secure passwords for mobile devices. Network managers should stay on top of mobile platform updates, perhaps limit data accessibility on the company network, and prohibit downloads and private social networking on company phones. A company might also institute a loss-prevention security system that would lock and wipe the device clean in the event it becomes lost or stolen. Company strategy must take into account its level of dependence on remote communications, the number of phones in use, and the company’s willingness to shoulder the risks involved in opening a data highway between its mobile phones and internal network systems.
When a business of any size decides to embrace the mobile phone as a tool, it is wise to simultaneously develop sound a company security strategy to protect it from a malware calamity. So start small–by encouraging smartphone users to download a strong mobile security product (like NQ Mobile Security) or go bigger and make mobile security a mandatory part of your IT policy. Whatever you do, don’t wait for mobile malware and hackers to strike. Keep your organization protected and your ROI will be real and well worth it.