Tuesday, August 28, 2012

Smartphone security: Risks and protection measures



Smartphones are infiltrating businesses of all sizes. Decreasing price points and increasing functionality put enterprise-class capabilities in the palm of every Tom, Dick and Harry who connects to the corporate network. No big deal, right? BlackBerrys, iPhones and Androids – among many others – enable your users to work more efficiently. But, like every other piece of technology, smartphones come with a price to your organization. That price is in the form of risk. Let’s look at some of the ways smartphones introduce risk to your environment, and then look at some of the best practices for managing that risk.

Data Loss

Perhaps the most significant risk posed by smartphones is that of data loss. There are a number of ways data can be lost or stolen from smartphones. Most obvious is the loss or theft of the device itself. These small handheld devices can be easily forgotten in public places or picked up by casual passersby. Many users either don’t password-protect their phones because of the inconvenience it poses or, if they do, use a simple four-character password that can easily be cracked. So all of the data – be it sensitive company data or personal data – is accessible to an unauthorized user.

There are also occasions upon which users have legitimate possession of another’s smartphone, but have no business accessing the data on it. For example, it is not unusual for a user to give an old phone to a friend who has lost their own or to donate an outdated phone to a charity. Data can also be exposed if a smartphone is resold or sent in to the manufacturer for repair.

But physical possession is not required to steal data from a smartphone. Mobile applications can access the data on your users’ smartphones and, in some cases, even store that information on third-party servers. For example, applications marketed as tools to catch cheating partners and protect children can be downloaded to an unsuspecting user’s smartphone. The application captures emails, texts, browsing history and telephone calls, and stores that information on a server where it can be retrieved by an unauthorized individual. If any of those communications include corporate data, then it too is saved and can be accessed by a third party.

All of these scenarios put companies at risk of being noncompliant with laws and regulations around data privacy. If a user loses a smartphone storing unprotected corporate data or your data is stored on an unauthorized third-party server, your company is liable and can face fines.

Common vulnerabilities

Contrary to popular belief, smartphones are no better protected against denial-of-service attacks or malware infections than an unprotected PC. In fact, the applications that run on smartphones are subject to all of the same vulnerabilities. Consider Web applications, which have been used to spread malware, spyware, phishing attempts, etc., via PCs. Users are downloading similar applications to their smartphones, the difference being that smartphones typically do not have antivirus protection, so these infected files can propagate onto an IP network.

The smartphone’s small form factor further facilitates propagation of malware. It’s more difficult to identify risky websites and suspicious emails and links on pared-down sites built specifically for a small screen. Plus, users tend to be more trusting of the data they receive on their smartphones because the devices represent a more intimate communications channel. Thus, they are more likely to click on potentially dangerous links.


