Small Business Mobile Security And A River Named Denial

As Chief Security Officer of AT&T, I can see clearly that cyber security threats are constantly evolving and becoming ever more sophisticated. And nowhere is this more apparent than in a business environment that relies on mobile devices and BYOD.

It may be easier to see mobile security as a concern for those of us responsible for the real-time protection of massive enterprise networks, but the threats are no less real for small businesses. In fact, according to Price Waterhouse Coopers, seven in ten small businesses go out of business within a year of a severe data loss.

Earlier this week, we released results of a survey, conducted by AT&T and the Center for Interdisciplinary Studies in Security and Privacy (CRISSP) at NYU-Poly, looking at the attitudes and current practices of small business owners regarding mobile security.

Although 82 percent of small businesses have taken steps for securing company laptops, only 32 percent are taking measures to secure smartphones – which are now more often than not, employee-owned.  Unfortunately, all the well-publicized cyber security threats known for laptops and desktop computers are eclipsed by the emerging cyber security threats on mobile devices.

Hackers are turning their attention to wireless platforms to exploit their popularity and any potential vulnerability. Unfortunately, the unique capabilities of mobile devices – GPS, mobile applications, WiFi, Near Field Communication (NFC) – all compound potential new threats and come with multiple new points of entry for cyber attackers.

Take the example of tablet computers, which are rapidly replacing the PCs that busy executives carry everywhere as their mobile business desktop. Because these devices are relied on for extremely sensitive transactions, including confidential business discussions and preparations, and also banking, mobile payments, and other private personal business, they are increasingly attractive targets for cyber criminals.

With 59 percent of small businesses saying they rely exclusively on mobile devices, it’s more than troubling to see so many of them don’t have the necessary security protocols in place – or they’re unaware of the security concerns introduced by BYOD.

Many small businesses look to a Managed Security Service Provider (MSSP) for help because they don’t have the internal expertise to deploy and manage security controls that can quickly morph and adjust to the constantly changing threats.  Just trying to understand the full extent of your risk profile can be a major challenge for a small business without a dedicated security team.

Partnering with an MSSP can help compensate for the lack of internal security expertise and keep your organization ahead of the changing landscape.  At AT&T, we see a trend among SMBs toward cloud-based services due to their advantage of simplicity, no required capital expense, ease of maintenance and access to security experts.

As a small business, what are you doing to shore up mobile security?
Ed Amoroso Chief Security Officer AT&T About Ed