Given the vast range of potential mobile security problems looming on the horizon, there’s no such thing as absolute security. New threats and challenges appear with discomforting regularity, so eternal vigilance is the order of the day.
This reality brings a corresponding responsibility: It’s vital to check every assumption regarding security, and to recheck each on a regular basis. Security is one aspect of IT where no one is ever truly “done.” Here are three widespread beliefs that warrant reconsideration:
How does one really know what a given app might be doing? It’s almost impossible to find out exactly what information a given app might access. Fake and malicious versions of popular apps are quite common. Don’t assume that an app’s approval by, and presence in, an official app store provides any assurance against malware or other security dangers.
All of this calls into question exactly what, in fact, a “trusted” brand might be. While there’s no absolute defense here, mobile application management software coupled with mobile content management forms the basis of a good strategy. Educating users to be careful about what they download, and where they download it from, also helps.
In fact, SMS, or Short Message Service, is a key vector for the distribution of mobile malware. While modern cellular protocols encrypt data sent over the air, the carriers themselves provide no guarantees of security. Opportunities for compromise on the wired part of the network, after the over-the-air encryption is removed, are well known.
For this reason, be cautious about any SMS, instant messaging or similar service. Because these services don’t provide tracking or auditing, management has no visibility into precisely what information might have been exposed.
While instant messaging is undeniably convenient, organizations seeking security should deploy this capability only as part of an enterprisewide unified communications strategy.
Today’s smartphones and tablets are best regarded as computers in their own right. And just as no one would operate a PC without a suite of firewall, anti-virus and anti-malware tools and services installed, the same advice is appropriate for handsets and tablets.
This is particularly true in the era of bring-your-own-device initiatives, where users will download whatever strikes their fancy without regard for the potential consequences of malware. Mobile application management can be very useful here as well.
Good security practices include policies, strong authentication, data encryption, user education and training, regular reinforcement and, ultimately, building a culture of information security and integrity.
The three challenges outlined above are by no means the only mobile security myths floating around. But with the right strategies, policies, tools and solutions, achieving the proper balance of convenience, protection and productivity is within the reach of all organizations.