As mobile phones, smart phones, PDAs, laptops, BlackBerrys and other mobile gadgets spread across the business landscape, CFOs are finding themselves working with CIOs and IT managers to fight an ongoing security war. Lost and stolen devices, porous wireless links and devious employees are among the threats facing enterprises with roaming workforces.
The problem is sneaking up on many CFOs, who often only become aware of it when valuable data is lost or compromised, says Richard Morgan, a director at Sybase, a mobile and wireless enterprise software company in the US. “Mobile device adoption is growing, and this could represent a security threat to enterprises if not managed correctly,” he notes. “The devices that are being deployed are growing in power and capability — with this come added risks.”
Lost, But Not Forgotten
While the potential exposure of mobile-phone users to the dangers of an attack is low, all laptops, smart phones and other mobile devices capable of storing sensitive data can be lost or stolen. So it’s good insurance to secure the data with encryption software, says James Moran, fraud and security director of the GSM Association. Encryption tools are available from numerous vendors, including Smobile, PGP, TrueCrypt Foundation, Data Encryption Systems, SJ NAMO and T3 US.
But Khoi Nguyen, mobile security group product manager for US software security company Symantec, believes that encryption needs to be combined with other safeguards to keep data fully secure. Companies “should use security software that includes antivirus, firewall, data encryption, password protection and device feature blocking,” he says. Symantec, Sybase, McAfee, Trust Digital and Trend Micro are among the many vendors offering mobile security that provide these capabilities.
Philippe Winthrop, business mobility solutions analyst for Strategy Analytics, a technology research firm, suggests that mobile devices should also be “hardened” to prevent users from modifying settings and disabling security technologies when out of the office. “If you don’t know how to do this, find a security expert who can help you make your units tamper-proof,” he says.
Businesses might also want to consider a service such as CompuTrace which uses global positioning system (GPS) technology to track lost or stolen laptops. As soon as someone in possession of a missing laptop signs on to the internet, CompuTrace activates and notifies the police. If the thief doesn’t use the laptop to log on to the internet, or if the laptop can’t be located by authorities, laptop data is still safeguarded by encryption. The mobile device can also be remotely directed to automatically wipe its hard drive clean, thus protecting the information all the same.
Confidential business information isn’t only threatened by lost or stolen mobile devices. Thieves can also whisk data away via wireless means. Wi-Fi networks, which allow devices within a 100-meter radius of a hot spot to access the internet, are particularly vulnerable to attacks. Smart phones and PDAs are now becoming, in essence, permanently attached to corporate networks. Someone can compromise a mobile device from a distance and use it as a gateway to a network without the operator even knowing that it’s happening.