Get mobile on device infosec policy

Powered by SC Magazine
 

Trial your mobile policies with users to guage acceptance.

Mobile devices like smartphones and tablets are quickly becoming an essential item for many Australian professionals, but there’s a high price for this convenience.

The proliferation of employee-owned mobile devices in the workplace has significantly heightened the security risk for enterprises, putting corporate data at risk.

Recent Australian Bureau of Statistics figures state there were 8.2 million mobile handset subscribers in December 2010, up from 6.7 million in June.

Gartner said more than 5.7 million smartphones are forecast to be sold this year, compared to 4.4 million last year,  and will exceed 9.6 million in 2014.

By 2015, nine in 10 mobile phone users in Australia will own a smartphone.

But before the immense popularity of mobile devices, organisations standardised enterprise mobility on a single mobile platform which were provided to a select number of employees.

However, now an increasing number of employees own personal mobile devices and want to use them for work purposes, particularly as the boundaries blur between work and home life.

Work gets personal

Practically speaking, it is very difficult to prevent employees from using their personal mobile devices for business purposes.

You need a clearly documented and enforceable mobile security policy.

Organisations should start planning on the broad security measures they want to put in place over time, not when problems arise.

You need to consider the areas of access control, data protection and malware prevention:

Access control: Requiring authentication such as a password or even voice detection/fingerprint should be implemented. Unfortunately, these approaches can also make it more difficult for the device owner and may lead to user dissatisfaction.

Malware Prevention: Security suite software runs on the mobile device, scanning for malware and viruses, and is regularly updated as new threats arise. Even applications from pre-approved vendors like the Apple App Store are not immune from malware. 

Data protection: Encrypting the data on mobile devices can provide an additional level of security. Wiping data from a lost or compromised device is recommended practice, however the large amount of personal information that is also lost could be perceived as an invasion of privacy by the end user. Today there are few robust solutions available to adequately separate access to personal and work data, although this is likely to be an area of focus for a number of vendors in the space.

The approach to adopting a mobile security policy depends on what’s driving the organisation. If a company is under pressure from senior people to deliver a quick solution for mobile device use in the workplace, a remedy would be to use an outsourcer to address the issue while policies and procedures are being defined internally.

Alternatively, an organisation could trial a pilot program with a small group of users while they define their mobile security strategy.

Finally, if an organisation wishes to manage the mobile devices itself, we would suggest that they utilise technology that can manage the range of devices people use to interact with the corporations: desktops, laptops, mobile devices and BYO devices.

This would enable the company to have a complete view of their assets (those owned by both employees and the corporation) and act swiftly in the event of a compromised mobile device.

Just the beginning

While the threat of malware on PCs is very real, the threat of mobile devices is just beginning to emerge as they become more popular.

During the next five years, use of smart devices will explode. There will be two billion smart mobile devices in the hands of consumers and business users by 2015. Furthermore, they’ll be using 15 times more mobile apps and services, as well as spending four times more on mobile transactions.

Although the number of smart devices within an organisation may be relatively small at the moment, now is a good opportunity to plan for the next five years.

As your mobile enterprise continues to expand and devices grow more robust, your security risks increase. But with careful preparation, you can leverage the latest tools and expertise to help protect your highly valuable corporate assets.

 It’s clear there is a lot to be excited about with smart mobile devices. This new group of handhelds promises to increase productivity while giving employees greater flexibility. That’s a winning formula for both employees and their businesses.

Copyright © SC Magazine, Australia


Get mobile on device infosec policy
Tags
 
 
 
Top Stories
Parliament passes law to let ASIO tap entire internet
Greens effort to limit devices fails.
 
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Constantly rushing to the printer to stop other people seeing your printouts?
Sep 24, 2014
Lexmark's latest family of small-business printers include a feature that lets you stop anyone ...
This 4G smartphone costs $219
Sep 3, 2014
It's possible to spend a lot less on a smartphone if you're prepared to go with a brand you ...
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  5%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1397

Vote