A white paper written by not-for-profit IT security association ISACA claims to show that smartphones and other high-end mobile devices pose a serious threat to confidential information, since they effectively allow insider access to the company IT network.
The use of wireless networks, which are typically less secure than wired networks, leaves information at greater risk for interception.
Mobile devices, says the research, can also be the targets of malware attacks as employees carry them beyond the protection of their company’s network. Lack of enterprise control of physical devices, along with the growing practice of employees using personal devices for business, has increased mobile device risk levels.
According to Christos Dimitriadis, the lead author of the ISACA report and a respected technology expert in Greece, the threats posed by smartphones are very real since the handsets are now coming under attack by a new generation of malware.
So what is the solution?
Dimitriadis says that the answer is a holistic approach to defending the company resources against smartphones, since malware and data leaking issues are problems that can be countered using a positive approach to security.
Whilst authentication and encryption clearly have their place in the mobile security arena, the ISACA professional says that a governance framework such as ISACA’s COBIT or Risk IT will help businesses to ensure that process and policy changes are implemented and understood.
The white paper goes on to say that mobile technology can offer enterprises several highly valued benefits – from increased productivity to better customer service – but it is important to recognise that these benefits can be realised only if the enterprise manages the technology effectively.