Using a laptop
without antivirus and malware protection is almost unthinkable these days. We
know that cyber criminals are constantly getting smarter, more sophisticated
and more brazen in their attacks, yet individuals and businesses alike seem
more concerned with protecting laptops that are used only for a few hours a day
and often neglect to protect their smart phone which lives with them 24 hours a
day.
The use of smart phones have increased significantly and are
often adopted en-masse by end-users for convenient email access as well as by
managers and executives who need access to sensitive business resources from
their device of choice. Smart phones and tablets have even become critical
access tools for a wide variety of production applications from Enterprise
Resource Planning (ERP) to project management. For all of their convenience,
however, the pervasive use of mobile devices in the work place and beyond has
brought a new set of security risks.
As reliance on these devices has grown exponentially,
organisations have quickly recognised that smart phones and tablets need more
security than just a simple screen protector and a passcode. Most smart device
manufacturing companies have realised the importance of including protection
against hacking, the strongest of which is still perceived to be Apple iOS.
This is because the way an Apple device works is by default not to allow root
access to a device to anyone outside of the Apple Corporation. If an application
is trusted by the system, then it can be trusted by the end-user. Apple’s
innate security is not fool proof, and there are unfortunately there are ways
of bypassing these security measures, albeit voluntarily. Devices that are
“jailbroken” are susceptible to hacking, as the individual has chosen to expose
their device by breaking open the operating system.
Android devices are the most obvious choice of target for
mobile hackers, as Android is the smart phone market share leader by far and an
operating system that was originally open source. It’s easy to gain root access
on an Android device, and because there is no such thing as jailbreaking for an
Android device, hackers have expended much time and effort into creating
applications specifically to make it easier to gain control over the device.
The re-emergence of the mobile banking Trojan known as Acecard highlights the
growing risks associated with Android devices and the need for banks and mobile
app developers to do more to protect users’ accounts.
The third-most popular platform is Microsoft Windows Mobile
and despite the fact these devices make up such a small portion of the market
share, they’re still a viable target because they’re based on the Microsoft
platform.
Why is mobile hacking a problem? In addition to containing a
fair amount of personal and corporate information, most of these devices can
connect to different business environments and systems, so it’s the obvious
choice. For an individual looking to hack a network, it’s much easier to hack a
mobile device that has full access to that network than to hack the network
itself. It’s now possible to hack certain devices simply by downloading a tool,
targeting a device and taking it over.
Protecting mobile
devices used in an organisation’s network
To secure the mobile workforce, IT security professionals
and business executives need to look at the effect mobility has on the business
risk profile. This requires examining the device, data, applications and
transactions that will be utilised and performed while mobile as a whole,
rather than examining them individually. Together IT and business need to find
a balance between usability and mitigating risk in creating a practical mobile
security framework will facilitate productivity gains and enhance employee
satisfaction while limiting the exposure to business-critical information and
assets.
The biggest challenge as far as mobile protection is
concerned is to understand what a mobile device is required to do. From a
corporate point of view, it is prudent to offer controlled and limited access
from a mobile device – only what is absolutely necessary. The most common
demands are email and business applications, so that access can be granted and
controlled at a network level. If access is required to business-sensitive data
or applications like the financial system, for example, it is now possible to
offer biometric access control authentication, as most devices now offer a
fingerprint reader.
To protect against physical threats, an organisation can
make use of Mobile Data Management or Enterprise Mobility Management solutions
to manage devices, enforce passcodes, remotely wipe them in case of a
compromise and enforce a comprehensive set of BYOD, security and compliance
policies.
Source: itnewsafrica.com
No comments:
Post a Comment