Securing Smartphones


by Samuel Greengard

Mobile workers love their smartphones, but the devices bring a host of security risks. Employees access data from public hotspots, they load rogue apps, and they carry (and sometimes lose) their phones on planes, trains and automobiles.

IT departments are getting smarter about putting protections in place, but there's a long way to go. Many organizations still don't monitor apps on these devices, many devices still aren't password locked, and many businesses don't use any type of endpoint security to track the movement of data on mobile devices, including smartphones.

So far, IT departments have mostly had a free pass. The bad guys have written few viruses targeted at smartphones and users haven't yet begun to store all their data on them.

The situation will likely change over the next couple of years. Expect to see malware targeting phones, new phishing schemes, illicit GPS tracking, and more frequent attempts to steal passwords and other data over the air.

Survey after survey indicates that lapses are common and the holes are frequently bigger than Swiss cheese. Symantec reports that 62 percent of smartphone users plan to access sensitive work data while they're out of the office. Only 18 percent have a clue what the license agreement says on the apps they load. And 29 percent said they are "very likely" to open an unsolicited text message from an unknown sender.

There are no easy answers. But, among other things, IT departments must to a better job of monitoring apps employees use, educating employees about risk, staying current on threats, tapping encryption, installing the most recent patches, and introducing policies--as well as targeted technologies--to minimize risk.

Welcome to the 3-D chess game of mobile security.