The Smartphone Threat Landscape
Since the release of the Blackberry in the late 1990s and the later releases of the iPhone and Android-based phones, the enterprise sees these devices as a means to connect its mobile work force to the information workers need. Instant access to corporate data increases the productivity of these road warriors and allows them to maintain constant contact to the home office.
At the same time the very devices that allow real-time connectivity to corporate resources serve as threat vectors for a person with malicious intent. So just how secure is a smartphone? Easily lost smartphones can contain confidential or sensitive data, while the operating systems themselves can be prone to attack from malware or viruses. Corporate IT administrators need to ensure that users of smartphones take precautions to protect their devices and secure their contents.
Much of the security around Blackberry devices does not depend on the owner of the device. The Blackberry Enterprise Server can enforce a number of security features such as password strength and device time-outs. Other user-controlled security features must be enabled to protect sensitive information. The Blackberry provides options to encrypt data, turn off Bluetooth discovery, Bluetooth encryption and remote wipe options. Each of these security features minimizes the risk of data being accessed either remotely or in the event the device is lost.
When the Apple announced the iPhone in 2007 it very quickly became a popular smartphone. The iPhone initially found its niche in the commercial market but very quickly made its way into the enterprise due to its ease of use while allowing access to business services like e-mail. Like the Blackberry, the iPhone makes use of basic security features like screen locks and passwords. IT Administrators can force iPhone users to use a passcode every time they unlock the phone.
A search of the iTunes App Store for security returns over 1,300 apps related to protecting an iPhone. Apps to encrypt data, protect passwords, track lost iPhones or wipe data remotely are available for free or for a small charge to the user's iTunes account.
The new kid on the block, Android, is a smartphone operating system from Google. Unlike Blackberry and Apple, which have control over both the hardware and the operating systems of their devices, Android is an open-source operating system and runs on a wide variety of hardware produced by companies like HTC and Samsung.
Due to its open nature the user must be more vigilant in protecting the device from malware and remote access. The Android market contains over 900 applications dedicated to security in addition to the built-in options. One unique security feature that can be enabled is a pass pattern instead of a passcode although passcodes are considered a better option. A pass pattern requires the user to repeat a pattern on a dot grid to unlock the phone. Other applications like Lookout Mobile Security protects the device from malware and viruses.
Securing Business Smartphones
Essentially, smartphones used in the enterprise should be treated by IT Security like a laptop. The enterprise must enforce password policies and screen locks. The user must be trained in corporate security standards to ensure he or she takes the precautions and care needed to protect these devices from hackers and data loss.
Hines, Matthew. "Researchers Show Off Smartphone Attacks", https://securitywatch.eweek.com/smartphone_security/researchers_show_off_smartphone_attacks.html
Goodchild, Joan. "Cisco: SMS, Smartphone Attacks on the Rise", https://www.csoonline.com/article/497120/cisco-sms-smartphone-attacks-on-the-rise?page=1
Sacco, Al, "BlackBerry Security Basics: Five Steps to Keep Your Smartphone Safe", https://www.cio.com/article/561313/BlackBerry_Security_Basics_Five_Tips_to_Keep_Your_Smartphone_Safe?page=1&taxonomyId=3219
Sacco, Al, "Six Essential Apple iPhone Security Tips", https://www.pcworld.com/businesscenter/article/152128/six_essential_apple_iphone_security_tips.html
Phifer, Lisa, "Top 10 Android Security Risks", https://www.esecurityplanet.com/article.php/3928646/Top-10-Android-Security-Risks.htm
Image credit: jscreationzs / FreeDigitalPhotos.net