Businesses which have opened up their IT infrastructures to user-owned mobile devices, through bring your own device (BYOD) policies, need to take firmer steps to secure their data and networks from a growing range of security threats.
That’s the word from William James, product manager at Cellfind, a subsidiary of the JSE-listed Blue Label Telecoms. He says that many end-users and the organisations they work with seem to have a subdued awareness of the multiplicity of mobile security threats they face and of the policies and systems they should put in place to defend their devices and data.
Says James: “Now that smartphones and tablets are beginning to take a central role in the business (in place of PCs), they store more and more valuable data. They also have privileged access to a range of corporate systems, applications and information.
“That makes them an increasingly compelling target for information thieves and malware writers. Just in the past year, we have seen an alarming rise in security threats to mobile devices, highlighting an urgent need for implementing tools to manage these risks.”
James points to figures from Kaspersky which indicate that the number of malicious programs for the Android platform grew from a few isolated samples in early 2011 to more than 40 000 by the end of 2012. In addition, malware authors are creating increasing sophisticated and targeted malware aimed at lifting valuable data – for example banking details – from mobile devices.
In addition, what if tablets and smartphones are lost or stolen – along with their data and access to corporate network resources? SAPS stats indicate that mobile phones still rank among the most stolen items in South Africa.
These concerning trends take place against the business world backdrop which is increasingly dependent on mobile devices, many of them owned by employees rather than the organisation. By Gartner’s estimate, by 2016 two-thirds of the mobile workforce will own a smartphone and 40% of the workforce will be mobile. What’s more, by then, half of all non-PC devices will be purchased by employees.
Says James: “Organisations face a dual challenge of implementing policies that govern which mobile devices end-users may use and how they may use them, and putting in place tools to enforce policy and manage devices.
“Consider the risk, for example, of users connecting to the corporate network with jailbroken devices that might be riddled with malware. The trick is to put policies and devices in place that enable rather than strangle the user’s experience and productivity.”
James says that companies need ways to ensure that end-users always have the latest security patches and antimalware software installed, enforcing password protection and other security measures, and tracking lost or stolen devices, as well as wiping data clean from them.
“Organisations will need to face a range of new IT challenges as mobile devices swarm throughout their workforces, but they cannot afford to be complacent as the mobile device becomes more central in their business processes”, James concludes.