Mobile technology is taking over. The introduction of smartphones radically has shifted the tech world, and tablets have only pushed the mobile trend even further. These smaller, lighter and thinner devices are more computer than phone and are quickly becoming a standard in people’s pockets. In fact, over half of the UK population owns a smartphone.
The ability to communicate with anyone from almost anywhere, instantly access and share information, and monitor email and social media accounts on the go have made these devices great companions. Not surprisingly, their varied capabilities have made them popular in the workforce, with more and more employers issuing them to their employees. However, while these devices greatly improve productivity, they also open the door to a number of security challenges.
The growing trend of Bring Your Own Device (BYOD) brings many benefits into the work environment, but it also introduces additional network security complications. Employees who use their phones for both personal and professional use can significantly increase the chances of putting company information at risk. We often attribute security threats to crafty cybercriminals hacking their way into organizational networks. While that certainly happens, businesses become so focused on external attacks that they forget about internal threats. There are a substantial amount of data breaches that occur from improper or careless use of mobile devices.
Featured Download: Social media access at work. Do your employees know the rules?
Company issued devices often limit the types of activities they can be used for. For instance, admin controls often prevent the installation of non-work-related apps. Company devices are also often secured with antivirus and malware protection software. However, this isn’t the case with BYOD devices. Employees use these devices on a variety of networks throughout the day and download and install a wide-range of apps. In addition, personal browsing habits may lead to unsafe websites. This further increases the chances of a device becoming infected and compromising company data.
Traditionally, hackers would steal information via unsecured networks or malicious websites. However, a growing number of mobile devices, like smartphones, are becoming infected through unsafe apps. We’d like to think all of the apps on the various mobile app stores are safe and vetted, but they aren’t. Criminals can (and have) designed fake, malicious apps and uploaded them on these app stores. When users install them on their devices, the apps infect them and steal their information.
For example, when the game “Flappy Bird” was removed from Google’s Play Store, many fake versions appeared. Thinking it was the original game, many people installed it without a second thought. There are even examples of fake antivirus apps that made it to the top of the paid apps list. Many of these fake apps are malicious in nature, injecting malware into the device. Mobile malware can do a lot of harm to a business, like log, steal, and publish almost everything an employee does on their phone.
In 2013, Android captured 87% of the global smartphone market. The downside though is that Android also owns 97% of the world’s mobile malware. That means most phones on the market are subject to malicious attacks. However, those using other devices shouldn’t feel invulnerable. There is a current vulnerability in Apple iOS devices that could result in the same issues. Once again, much of these threats stem from malware through unregulated, third-party apps.
Long story short, mobile devices can present serious problems for employers. That being said, it doesn’t mean mobile shouldn’t be a part of a business’s device toolkit. It also doesn’t mean companies should shy away from allowing employees to bring their own devices and instead mandate the use of company issued devices. For most companies, the benefits of BYOD outweigh the complications. Companies will need to come up with a strategy that’ll incorporate the usage of BYOD while still emphasising security and information protection. Every situation will be different, but businesses can explore any number of options, from Mobile Device Management to required security app installations. The key is to create guidelines so employees understand mobile expectations and become more conscious of their habits, thereby decreasing negligent behaviour.
By Rick Delgado | @ricknotdelgado
Bio: Rick is blessed to have a successful career and has recently taken a step back to pursue his passion for writing. He loves to write about new technologies and how they can help us and our planet in particular. Rick occasionally writes for several tech companies, including Dell. His articles are always industry-neutral.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.