Apr
1
WRITTEN BY:
Ben Kirton
Thursday, 1 April 2010
Should we care about mobile phone security? As a business? As an individual?
In the days when your mobile phone only contained your contacts list and your text messages, the answer was, ’not really‘. The majority of ‘security’ issues came from jealous partners reading your texts and getting the wrong (or sometimes right) idea about a communication with an ex or a friend.
Smartphones have made the situation dire—for individuals and for companies.
Smartphones provide the ability to store your entire email inbox on your mobile device. For an individual, this can be an issue if your smartphone is lost or stolen. And that’s just for starters.
Imagine the contents of that email inbox combined with access to: your Facebook account; your web-browsing history; your voice call history and phonebook; your SMS messages; your Twitter tweets and followings; your photos; your music library; your calendar; your RSS feed preferences; your pizza ordering habits; your eBay listings, searches and purchases; your bank name (but less likely your details); and your instant messages.
Many passwords can be guessed based on statistical analysis of a person’s demographic. And god help someone if they use password hints like ‘what was your first teacher’s name?’ With a birthdate, schools listed in Facebook or Friends Reunited, and a Google search, it isn’t hard to figure out what teacher taught kindergarten at a person’s school in the year they were most likely there. Maybe a few guesses and the new ‘you’ has your passwords reset and access to your online accounts. Other questions, such as your mother’s maiden name, can be even less difficult to guess.
Can you see how a very complete picture of someone’s identity can be built and then stolen? Can you see how a company’s intellectual property (IP) might be vulnerable?
You need to use common sense. Put a PIN on your smartphone. It’s not going to stop a dedicated hacker but it will make the device less valuable to the casual thief.
For business, the security options available vary greatly between smartphone brands and devices, with some having no tools or options to assist and others being built on the very premise of having these tools.
The business tools exist to ease deployment and protect companies from their users, who are almost always the weakest link in the security chain. The tools enable companies to enforce PINs and passwords and allow the triggering of a remote wipe (reset) of the device.
Many companies need to be able to secure their IP when it is walking around on the street in a device that is easily stolen or lost. How important this is depends on the company but, to-date, it is a shame that more vendors do not provide a centralised management and control platform.
Some vendors will never provide one as it is not in their business model, and some are hurting their own market share by not providing such a platform. Maybe this year will see the release of these platforms. Competition is a great thing, and we all hurt when it isn’t there.
For those devices that contain our companies’ IP, treat them with respect and secure them. For those devices that contain our identities, maybe we should understand what that means and treat them accordingly.