Are Your Employees Using Smartphones? Here are Some Security Gaps You’ll Want to Close

Using a smartphones has become a great tool for employees to access company resources – virtually a portable office. However, these smartphones operate more like a computer than a phone and come with similar risks since they browse the Internet: viruses and other security, just like a computer. These smartphones need to be protected against malicious threats, and your IT staff needs to be careful with company-issued phones and how they access your company’s network.

Infotech has released a list of the vulnerabilities in mobile devices – and suggested patches to reduce the exposure.*

1. Phishing Attacks (voice and text message) – a prerecorded message/text alerting users to a potential breach of their account information, with a prompt to call and verify their account information. Credit card fraud appears to be the primary topic of the attacks, with credit unions being the businesses most hurt.
2. Malware – the capability to download malicious files, detect internet connections or establish new ones, undertake URL redirection and carry out phishing attacks. A recent attack involved a virus in Windows smartphone video games that would dial premium-rate telephone services in foreign countries, charging hundreds of dollars in a single month.
3. Physical Security – losing an unsecured company smartphone means giving away easy access to important personal and company-based information.
4. Third-Party Access – Nearly 20 percent of smartphone applications allow third parties to access private information, even automatically dialing a phone number or sending a SMS without the user’s knowledge. Geographically based services are a great way to get directions and information on local businesses, but if this information is being published globally, it can be a gold mine for advertisers, stalkers and thieves, according to Infotech.

What can you do to protect your users and your network?

1. Educate Users - Train your employees to recognize phishing scams before they respond to them.
2. Document and Publicize Mobile Rules – Clearly document and publicize corporate policies for anyone who touches your network in house or remotely. Create different policies for different user groups and distribute directly to employees. All employees should review and sign off on the policies.
3. Manage Inventory – it is essential to implement a management software to track, configure and secure mobile devices as well as detect unauthorized devices. The tool must track updates, applications, targeted deployments, provide assistance with hardware/software issue, and finds and locks down lost devices. You also need to manage authorization and capabilities of devices, along with permissions behind the firewall.
4. Mobility as a Service – managed mobile device management, mobile security and application security through an established carrier may be a good option and be a less drain on your internal resources.

In any event, the most important factor is to protect your network from the vulnerabilities of the smartphones. Educating users to the dangers of phishing and malware, and establishing policies and enforcing them will assist in protecting your network, but be diligent in protecting the phones and your network with virus protection as well.

If you would like information on how to work with smartphones and your network, or in protecting your network with our smartSECURITY program, contact us here or call 800.328.9299.