Subscribe

Mobile devices - an open door to your IP

Unsecured mobile devices present a virtually open door to corporate data, says Bennie Labuschagne, Director of Cyber Forensics at Cyanre.


Johannesburg, 20 Mar 2012

Unsecured mobile devices, and a lack of control over how they access company information, is a growing problem, warns Bennie Labuschagne, Director of Cyber Forensics at Cyanre, the Computer Forensic Lab.

Labuschagne says companies may go to great lengths to secure their networks, but once they allow unmanaged mobile access to these networks, existing security is rendered pointless.

“Besides the growing threat of spyware on mobile devices, the fact is that staff themselves can use their mobile devices to access and move any information they like from behind the company firewalls and into the cloud,” Labuschagne says.

ITWeb Security Summit

The ITWeb Security Summit and Awards takes place from 15 to 17 May 2012. For more information and to reserve your seat, please click here.

He says the proliferation of mobile devices, many with multiple SIM cards, in addition to the complexity of tracking a mobile workforce, make mobile devices a major risk for enterprises.

“Just look at the price companies are prepared to pay for client lists, competitors' strategic plans and data,” he says. “This information resides on people's smartphones, iPads and tablets, or can be accessed in the cloud. It is only a matter of time before this becomes a major problem in South Africa.”

Tracking the unauthorised movement of data is not as easy on mobile devices as it is on PCs, he adds, so proving a case of IP theft is not always possible when mobile devices were used. “Your average IT department cannot do a forensic audit on a mobile device,” he says.

Labuschagne says one measure to control and track the movement of company data is an effective document management system: “But I don't think even 5% of companies in South Africa have this. Plus, this would only be effective if someone was constantly monitoring it,” he says.

More importantly, he says, effective policies need to be put in place to specify how employees can use and access data, how the enterprise can track and secure its movement, and the privacy users of mobile devices are entitled to when they access enterprise IPs using their mobile devices. Most importantly is the inclusion in the policies of the right of employers to access and investigate these mobile devices, if it contains company data or accesses the company's ICT system.

Labuschagne will address these issues, and assess the security of various handsets, during a talk at the ITWeb Security Summit, in Sandton, in May.

The annual ITWeb Security Summit will take place from 15 to 17 May 2012, at the Sandton Convention Centre. For more information and to book your seat, go to www.securitysummit.co.za.

Share

Editorial contacts

Leigh Angelo
ITP Communications
leigh@tradeprojects.co.za