It may be easier to see mobile security as a concern for those of us responsible for the real-time protection of massive enterprise networks, but the threats are no less real for small businesses. In fact, according to Price Waterhouse Coopers, seven in ten small businesses go out of business within a year of a severe data loss.

Earlier this week, we released results of a survey, conducted by AT&T and the Center for Interdisciplinary Studies in Security and Privacy (CRISSP) at NYU-Poly, looking at the attitudes and current practices of small business owners regarding mobile security.

Although 82 percent of small businesses have taken steps for securing company laptops, only 32 percent are taking measures to secure smartphones – which are now more often than not, employee-owned.  Unfortunately, all the well-publicized cyber security threats known for laptops and desktop computers are eclipsed by the emerging cyber security threats on mobile devices.

Hackers are turning their attention to wireless platforms to exploit their popularity and any potential vulnerability. Unfortunately, the unique capabilities of mobile devices – GPS, mobile applications, WiFi, Near Field Communication (NFC) – all compound potential new threats and come with multiple new points of entry for cyber attackers.

Take the example of tablet computers, which are rapidly replacing the PCs that busy executives carry everywhere as their mobile business desktop. Because these devices are relied on for extremely sensitive transactions, including confidential business discussions and preparations, and also banking, mobile payments, and other private personal business, they are increasingly attractive targets for cyber criminals.

With 59 percent of small businesses saying they rely exclusively on mobile devices, it’s more than troubling to see so many of them don’t have the necessary security protocols in place – or they’re unaware of the security concerns introduced by BYOD.

Many small businesses look to a Managed Security Service Provider (MSSP) for help because they don’t have the internal expertise to deploy and manage security controls that can quickly morph and adjust to the constantly changing threats.  Just trying to understand the full extent of your risk profile can be a major challenge for a small business without a dedicated security team.

Partnering with an MSSP can help compensate for the lack of internal security expertise and keep your organization ahead of the changing landscape.  At AT&T, we see a trend among SMBs toward cloud-based services due to their advantage of simplicity, no required capital expense, ease of maintenance and access to security experts.

This short video provides more detail on the study results:

As a small business, what are you doing to shore up mobile security?

According to Juniper’s report, IT feels pressure from both senior management and other employees to support the Bring Your Own Device (BYOD) trend. However, IT pros reported concerns about the following consequences of BYOD:

• Security breaches due to stolen devices – 41%
• Knowledge required to manage devices – 40%
• Knowledge needed to manage security protocols – 37%
• Employees introducing malware – 32%

I’m not surprised at all to see this kind of response from IT. Our team at AT&T encounters these concerns almost daily with our customers.

The greatest challenge we see with BYOD in the enterprise is the massive distribution of security responsibility. We know it’s an unreasonable expectation to ask every employee to be a security administrator, configure proper personal settings for protection, and remain vigilant on updating the latest malware software. It’s an assumption we, as an industry, made with PCs – and we’re still paying for it.

That’s one reason why AT&T is lifting the responsibility of mobile security off the shoulders of individual employees and into cloud-based, corporate managed gateways – where our security experts can manage and administer consistent policy control over how and where data is accessed, stored, and moved across our mobile environment.

Another reason is that many of the types of attacks that are emerging in the mobile ecosystem can only be stopped via real-time policing and filtering at the network-level.  Simply loading a security app onto the device is not sufficient, especially now that employees have mobile access to enterprise applications and data stored in the cloud or other virtual environments.

Before we had desktop PCs, computer terminals accessed information on mainframes and this model provided significant security benefits.  There was no need for end-user software patching and no end-user platform for targeted malware.  Similarly, a central cloud-based gateway, for all Internet and enterprise traffic means a central gathering place for policy-based routing and security intelligence for accessing corporate resources.

The virtualization of security resulting from increased enterprise mobility was also a major focus of this year’s RSA Conference.  Here are my key takeaways from those conversations:

How about you? What do you see as concerns for the BYOD trend? How should they be addressed? We look forward to your comments.

Ed’s twenty six-year career at AT&T began at Bell Laboratories, where he worked on securing the Unix operating system, as well as numerous federal government security initiatives. More recently, he has championed AT&T’s network-based security strategy, centered around emerging in-the cloud protection services such as Network- Based Firewall and DDoS Defense.

Ed has authored numerous research papers, articles, and five books on information security, including the recently published “Cyber Attacks: Protecting National Infrastructure”.

He is the 1999 winner of the AT&T Labs Technology Medal for his contributions to large-scale intrusion detection and in 2010, Ed was elected an AT&T Fellow.

Ed holds M.S. and Ph.D. degrees in computer science from the Stevens Institute of Technology and is a graduate of the Senior Executive Program at the Columbia Business School. He has served as an Adjunct Professor in the Computer Science Department at Stevens for the past twenty two years, and his work has been featured by the Wall Street Journal, CNBC, Network World and the New York Times.

View more security tips on AT&T’s Tech Channel

The AT&T Tech Channel is a video portal for the technophile in all of us. The site features shows that span today’s technological ecosystem, including in-depth examinations of industry pioneers, hands-on product reviews and the late night talk show-style “Hugh Thompson Show.” There’s something here for everyone, from the curious newbie looking for a laugh to the Twittering network engineer who wants the latest tips on securing a network.

View more security tips on AT&T’s Tech Channel

The AT&T Tech Channel is a video portal for the technophile in all of us. The site features shows that span today’s technological ecosystem, including in-depth examinations of industry pioneers, hands-on product reviews and the late night talk show-style “Hugh Thompson Show.” There’s something here for everyone, from the curious newbie looking for a laugh to the Twittering network engineer who wants the latest tips on securing a network.

View more security tips on AT&T’s Tech Channel

The AT&T Tech Channel is a video portal for the technophile in all of us. The site features shows that span today’s technological ecosystem, including in-depth examinations of industry pioneers, hands-on product reviews and the late night talk show-style “Hugh Thompson Show.” There’s something here for everyone, from the curious newbie looking for a laugh to the Twittering network engineer who wants the latest tips on securing a network.

View more security tips on AT&T’s Tech Channel

The AT&T Tech Channel is a video portal for the technophile in all of us. The site features shows that span today’s technological ecosystem, including in-depth examinations of industry pioneers, hands-on product reviews and the late night talk show-style “Hugh Thompson Show.” There’s something here for everyone, from the curious newbie looking for a laugh to the Twittering network engineer who wants the latest tips on securing a network.

View more security tips on AT&T’s Tech Channel

The AT&T Tech Channel is a video portal for the technophile in all of us. The site features shows that span today’s technological ecosystem, including in-depth examinations of industry pioneers, hands-on product reviews and the late night talk show-style “Hugh Thompson Show.” There’s something here for everyone, from the curious newbie looking for a laugh to the Twittering network engineer who wants the latest tips on securing a network.

View more security tips on AT&T’s Tech Channel

The AT&T Tech Channel is a video portal for the technophile in all of us. The site features shows that span today’s technological ecosystem, including in-depth examinations of industry pioneers, hands-on product reviews and the late night talk show-style “Hugh Thompson Show.” There’s something here for everyone, from the curious newbie looking for a laugh to the Twittering network engineer who wants the latest tips on securing a network.

Let the thinking begin!

View more security tips on AT&T’s Tech Channel

The AT&T Tech Channel is a video portal for the technophile in all of us. The site features shows that span today’s technological ecosystem, including in-depth examinations of industry pioneers, hands-on product reviews and the late night talk show-style “Hugh Thompson Show.” There’s something here for everyone, from the curious newbie looking for a laugh to the Twittering network engineer who wants the latest tips on securing a network.