Mobile security has become a hyper-sensitive topic in many business conversations today. A CIO magazine article headline in January proclaiming “Mobile Attacks Top the List of 2013 Security Threats” echoes this sentiment and a report by Ponemon Institute states 60 percent of breaches are attributed to mobile devices.
I ask myself: with so many breaches occurring, what is the basic assumption we – myself included – have about mobile device security? It appears that we believe the device in our hand is trustworthy, reliable and available for use anywhere, at any time. Isn’t that what all the advertisements say? To a large degree the claims are true. However it appears that we make grave assumptions about mobile device security, and as a result, are not as careful to protect the device and its content.
When you consider that many employees are now using personal mobile devices for work, these assumptions about device security can directly affect organizations because device behavior may not change once the employee enters the workplace. So whether the employee is given a corporate-owned device or brings their own (a trend known as BYOD), their lack of knowledge and assumptions about the device may led to increased security risk for the organization.
What makes a mobile device vulnerable?
So what are we doing (or not doing) that makes a device vulnerable? I think there are five basic assumptions that make the mobile device less secure – some of us have even been guilty of them one time or another:
1. A device password is inconvenient.
This is the basic way to protect the device and yet, recent studies shows that about 30 percent of mobile device users simply don’t put a password on their device. (I can raise both my hands to this one.) If you don’t have a password and are accessing corporate information, you are putting your organization at risk.
2. Wi-Fi is safe.
Mobile users access public Wi-Fi when they are out, not realizing even public Wi-Fi with passwords can pose risks. Others may be able to peer into your device without your knowledge.
3. All apps are trustworthy.
Some assume that all applications are legitimate, however criminals increasingly use fake applications as way to compromise devices.
4. Device updates are not critical.
Most devices periodically send software updates, yet not all users proactive activate the updates, leaving the device vulnerable to the latest malware attacks.
5. It won’t happen to me.
This is probably the worst assumption, as devices are not only breached or stolen, but lost out of sheer human error. Once a device is lost or stolen, all personal or organization data is now vulnerable to misuse.
By no means am I suggesting that users should stop using Wi-Fi or downloading applications. Rather, we should take precautions when using mobile devices versus making assumptions that the device is inherently protected, because in reality, it is not. There will always be the “human factor” element – not everyone will take the same level of precaution when using their device. As a result, it would be wise for organizations to realize the need to protect their data rather than rely entirely on employees.
Solutions such as mobile device management (MDM) offer basic protection for organizations while allowing employees to maintain productivity away from the office. Mobile device management continues to evolve to not only protect the device, but also the applications and content, which is evolving into mobile enterprise management to encompass the holistic mobile strategy. Individual users should be mindful of security precautions when using mobile devices, but if all else fails, organizations should protect their critical data before they expose themselves to serious consequences.
What makes mobile security important? What do you think about your organization’s efforts to be proactive in protecting data — yours and theirs?