Mobile phones have become as important to business function as email and paper. With the incorporation of high-level software functions like Microsoft Office, the functionality of these devices has reached unprecedented levels, and so has their vulnerability to security compromise. A study by Carnegie Mellon University revealed that 4 in 10 companies that issue mobile phones have had devices lost or stolen, many of which contain sensitive data.
In a highly publicized case in the United Kingdom, the mobile phones of celebrities and high-profile crime victims were hacked by reporters, resulting in serious damage to criminal investigations and intrusions into the personal lives of unsuspecting people. The ongoing fallout has resulted in several prison sentences and the closure of one of Britain’s oldest newspapers, The News of the World.
Risks of mobile communication
Employees are accessing increasingly sensitive information via smart phones, which are slowly but surely replacing laptop computers for sensitive data transfer. The Carnegie Institute estimates that mobile data usage will increase twelve-fold by 2014. All this activity has attracted the hacking community and identity thieves. In 2010, threats from malware increased by an estimated 46%, which translates to 55,000 new malware threats each day. Worse still, when users sync their phones with their computers, malware can be transferred and propagated.
This situation is exacerbated by users accessing potentially sensitive data in public Wi-Fi locations, such as coffee shops, airports, bookstores or other locations providing free Internet access. These free services are designed for ease of use, not security. Educating end users is essential to helping them understand the risks involved and teaching them how to avoid having sensitive data intercepted.
Device disposal and recycling
Organizations must be proactive and thorough when disposing of smart phones, because those devices may still have sensitive data stored in them. Such devices should be destroyed at the end of their service life, and organizations should consider having the device and memory cards ground up so that embedded data cannot be retrieved.
Older phones are often handed down to lower levels of management or the workforce as newer, faster ones are requested by senior management. In these cases, data and memory cards should be erased and/or replaced.
New dangers and responsibilities
Corporate espionage can easily target such versatile, powerful devices. To prevent security compromise, many companies restrict cell phone use. Others with sensitive R&D projects require employees and visitors to log phones in. Phones should be treated as real threats to security and included in any vulnerability assessment.
Issuing employees new technologies brings new responsibilities. Companies should also establish policies and procedures for how to handle, use, and recycle phones. Use of phone passwords is key, as is implementing features that allow devices to be wiped remotely.
The bottom line
Mobile phones present a major challenge for professionals charged with maintaining security for any size of organization. Too many phone users do not take the threat seriously and so leave themselves and the organization open to attack. The results can range from compromising at best to catastrophic at worst.
Sunstates Security can help organizations with policy and protocol development and employee training. For more on this and other security-related information, please contact Jeff Cathcart, Director of Training and Compliance Services, at email@example.com.