With headline after headline featuring security breaches, even at organizations whose business model is to securely house data, business leaders are rightly concerned. While securing in-house PCs and servers has proven to be difficult enough, the exponential expansion in the use of mobile devices like smart phones and tablets to conduct business has increased the complexity.
Software Development Operations Lead Wes Dumond and Senior Software Developer Huan Truong of SuprTEK’s Team ADEV recently gave a presentation on business mobile security to the Leadership Council Southwestern Illinois – a coalition of leaders in business, industry, labor, education, and government focused on assisting business and driving economic development in the Illinois Metro East area of the St. Louis Region.
The largest issue with mobile security may simply be a lack of awareness of the risks associated with employees using their phone or tablet to access data and proprietary information. The expanding culture of BYOD (Bring your Own Device) in the business world can leave organizations vulnerable, especially if an employees device is lost or stolen (a common source of breaches associated with mobile devices), they are careless about the applications they install (a surprising number contain spyware), or they fail to take basic security precautions.
In fact, an overwhelming majority of businesses who allow their associates to access their business systems via smart phones or tablets do not have any policies or guidelines for their employees to follow for using their mobile devices for business. While often unrecognized, the number of viruses and malware associated with smart phones is rising rapidly. Basic precautions to deal with these threats are needed as well.
Mr. Dumond’s and Mr. Truong’s presentation focused on recognizing and assessing the risks associated with mobile device use in a particular business, then taking common sense steps to mitigate or address these risks. Every business is unique in its security risks, and should create a tailored approach to deal with them. However, there is some commonality in the broad approach businesses should take in dealing with the security threats mobile devices present. Examples are basic risk management techniques (such as a severity vs. likelihood matrix) and creating purposeful polices and guidelines to deal with potential threats.