Get mobile on device infosec policy

Powered by SC Magazine
 

Trial your mobile policies with users to guage acceptance.

Mobile devices like smartphones and tablets are quickly becoming an essential item for many Australian professionals, but there’s a high price for this convenience.

The proliferation of employee-owned mobile devices in the workplace has significantly heightened the security risk for enterprises, putting corporate data at risk.

Recent Australian Bureau of Statistics figures state there were 8.2 million mobile handset subscribers in December 2010, up from 6.7 million in June.

Gartner said more than 5.7 million smartphones are forecast to be sold this year, compared to 4.4 million last year,  and will exceed 9.6 million in 2014.

By 2015, nine in 10 mobile phone users in Australia will own a smartphone.

But before the immense popularity of mobile devices, organisations standardised enterprise mobility on a single mobile platform which were provided to a select number of employees.

However, now an increasing number of employees own personal mobile devices and want to use them for work purposes, particularly as the boundaries blur between work and home life.

Work gets personal

Practically speaking, it is very difficult to prevent employees from using their personal mobile devices for business purposes.

You need a clearly documented and enforceable mobile security policy.

Organisations should start planning on the broad security measures they want to put in place over time, not when problems arise.

You need to consider the areas of access control, data protection and malware prevention:

Access control: Requiring authentication such as a password or even voice detection/fingerprint should be implemented. Unfortunately, these approaches can also make it more difficult for the device owner and may lead to user dissatisfaction.

Malware Prevention: Security suite software runs on the mobile device, scanning for malware and viruses, and is regularly updated as new threats arise. Even applications from pre-approved vendors like the Apple App Store are not immune from malware. 

Data protection: Encrypting the data on mobile devices can provide an additional level of security. Wiping data from a lost or compromised device is recommended practice, however the large amount of personal information that is also lost could be perceived as an invasion of privacy by the end user. Today there are few robust solutions available to adequately separate access to personal and work data, although this is likely to be an area of focus for a number of vendors in the space.

The approach to adopting a mobile security policy depends on what’s driving the organisation. If a company is under pressure from senior people to deliver a quick solution for mobile device use in the workplace, a remedy would be to use an outsourcer to address the issue while policies and procedures are being defined internally.

Alternatively, an organisation could trial a pilot program with a small group of users while they define their mobile security strategy.

Finally, if an organisation wishes to manage the mobile devices itself, we would suggest that they utilise technology that can manage the range of devices people use to interact with the corporations: desktops, laptops, mobile devices and BYO devices.

This would enable the company to have a complete view of their assets (those owned by both employees and the corporation) and act swiftly in the event of a compromised mobile device.

Just the beginning

While the threat of malware on PCs is very real, the threat of mobile devices is just beginning to emerge as they become more popular.

During the next five years, use of smart devices will explode. There will be two billion smart mobile devices in the hands of consumers and business users by 2015. Furthermore, they’ll be using 15 times more mobile apps and services, as well as spending four times more on mobile transactions.

Although the number of smart devices within an organisation may be relatively small at the moment, now is a good opportunity to plan for the next five years.

As your mobile enterprise continues to expand and devices grow more robust, your security risks increase. But with careful preparation, you can leverage the latest tools and expertise to help protect your highly valuable corporate assets.

 It’s clear there is a lot to be excited about with smart mobile devices. This new group of handhelds promises to increase productivity while giving employees greater flexibility. That’s a winning formula for both employees and their businesses.

Copyright © SC Magazine, Australia


Get mobile on device infosec policy
Tags
 
 
 
Top Stories
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
The CISO’s dilemma: Do you trust your partner’s partner?
[Blog post] How far down the chain do you check?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Do you direct debit customers? Read this
Oct 10, 2014
Authorities have been targeting direct debit practices with iiNet and Dodo receiving formal ...
Optus expands 4G coverage
Oct 10, 2014
If you rely on an Optus phone for work you might be interested to know that there are now 200 ...
Microsoft Office is now free for some charities
Oct 10, 2014
Microsoft has announced that eligible Australian non-profit organisations and charities can now ...
Vodafone lights up 4G in Adelaide
Oct 9, 2014
Live and work in Adelaide? Vodafone has switched on its 4G network in the city and suburbs.
Next year tradies will be able to take payments using ingogo
Oct 3, 2014
Ingogo is going to provide a card payment service for Xero users.
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 321

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 126

Vote