With all the hoopla about mobile computing, everyone knows the basic concerns. There are the geographical concerns: if you use your smartphone or other mobile device at a specific location, someone could rob you while you are on errands and away from home. There are the financial concerns: if you use a smartphone or other mobile device for online banking or to make online purchases, your credit card information could be stolen or your bank’s database could be hacked into. There are the information security concerns: you could download a corrupted application that could access your email addresses and other data stored on the device. And, of course, there is the physical security issue: someone can steal the actual device – how many of us add passwords to our devices? But what is the real story?
In Pew Research’s 2010 Mobile Access study, it found that 82% of US adults have a mobile device. Interestingly enough, just 11% of US adults with a mobile device have made a purchase with their devices. But that number jumps to 20% among Americans between the ages of 18 and 29. Some other interesting stats include: 23% of US adults with a mobile device have accessed an online social network with their devices; 20% have viewed a video on their devices; and 11% have contributed to charity via their mobile devices.
According to ESG’s research, 37% of large organizations claim that “mobile device spending is growing significantly.” The reason is simple: mobile devices are becoming essential to business processes – 38% of large organizations say that mobile devices are “critical” to their organizations’ productivity. In fact, mobile device use is expanding beyond email—28% of organizations have already developed applications specifically for mobile devices while more plan to do so.
While there are countless blog posts and media discussions focused on marketshare owned by the iPhone vs. Blackberry vs. Android, there is a lack of attention focused on securing mobile devices. It is our responsibility as InfoSec professionals to train end-users with “mobile security training” sessions to address potential dangers of increased mobile device usage so that end-users understand the risks:
- viruses can be sent via email or App through a mobile device to a company’s network
- corrupted applications could impact a company’s network
- theft of confidential company information or personal identity theft could result if a device is lost or stolen
A mobile device should be treated just like all other computing devices. Back up your data on a regular basis. Install virus and malware protection if needed, such as, on Windows phones. Always be sure to keep your software up-to-date and download new releases as soon as they become available. And last but not least, if your device is capable of password protection, use it – don’t use “password” as your password!