How Can an InfoSec Professional Protect against Mobile Computing Risks?

With all the hoopla about mobile computing, everyone knows the basic concerns. There are the geographical concerns: if you use your smartphone or other mobile device at a specific location, someone could rob you while you are on errands and away from home. There are the financial concerns: if you use a smartphone or other mobile device for online banking or to make online purchases, your credit card information could be stolen or your bank’s database could be hacked into. There are the information security concerns: you could download a corrupted application that could access your email addresses and other data stored on the device. And, of course, there is the physical security issue: someone can steal the actual device – how many of us add passwords to our devices? But what is the real story?

In Pew Research’s 2010 Mobile Access study, it found that 82% of US adults have a mobile device. Interestingly enough, just 11% of US adults with a mobile device have made a purchase with their devices. But that number jumps to 20% among Americans between the ages of 18 and 29. Some other interesting stats include: 23% of US adults with a mobile device have accessed an online social network with their devices; 20% have viewed a video on their devices; and 11% have contributed to charity via their mobile devices.

According to ESG’s research, 37% of large organizations claim that “mobile device spending is growing significantly.” The reason is simple: mobile devices are becoming essential to business processes – 38% of large organizations say that mobile devices are “critical” to their organizations’ productivity. In fact, mobile device use is expanding beyond email—28% of organizations have already developed applications specifically for mobile devices while more plan to do so.

While there are countless blog posts and media discussions focused on marketshare owned by the iPhone vs. Blackberry vs. Android, there is a lack of attention focused on securing mobile devices. It is our responsibility as InfoSec professionals to train end-users with “mobile security training” sessions to address potential dangers of increased mobile device usage so that end-users understand the risks:

  • viruses can be sent via email or App through a mobile device to a company’s network
  • corrupted applications could impact a company’s network
  • theft of confidential company information or personal identity theft could result if a device is lost or stolen

A mobile device should be treated just like all other computing devices. Back up your data on a regular basis. Install virus and malware protection if needed, such as, on Windows phones. Always be sure to keep your software up-to-date and download new releases as soon as they become available. And last but not least, if your device is capable of password protection, use it – don’t use “password” as your password!

Advertisements

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.
This entry was posted in Mobile Computing and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s