As mobile access to sensitive corporate information becomes more popular and the number and type of mobile devices used to access such information increases, security becomes a problem most companies will have to deal with if they are not already doing so.
The number of mobile devices in use has overtaken that of fixed devices with about 1 000 new subscribers to mobile each day. Cellphones, PDAs and 3G networks are indispensable to the business world and they are pushing the boundaries of the enterprise IT infrastructure further than the security infrastructure can reach at this time.
Mobile viruses are increasingly becoming a security threat, particularly with devices that have significant computational capabilities. These devices, in general, are susceptible to viruses in several ways: viruses can take advantage of security holes in applications or in the underlying operating system and cause damage; applications or applets downloaded to mobile devices can be as virus-prone as desktop applications; and, in some mobile open source applications, malformed SMS messages can crash the device.
The 911 virus prompted 13 million i-mode users to place a call to Japan`s emergency phone number! The lesson learnt here is that users should avoid reacting to unknown message prompts.
With the growth of the mobile community, standards have been formed and mobile operators are starting to share their operating systems. The Symbian operating system, for instance, is already being shared among multiple mobile phone vendors. The problem this sharing creates is it gives hackers greater opportunities to take down a number of mobile devices at one time. A hacker`s aim is to crash as many devices as possible so it should come as no surprise when multiple devices are targeted at once.
Viruses are still the top threat to businesses in terms of security - on both mobile and fixed platforms. Viruses have no focused destructive method. They take down whatever, whenever, wherever, which make them very dangerous.
Compounding problems
As if the problems created by mobility were not enough, the signature file for every virus released is getting bigger. It is all good and well developing behavioural based anti-virus to reduce the size of signature files, but the mobile arena has opened up a new playground for hackers. Mobile devices are data devices relying on binary coding. Companies would do well to bear in mind that any binary coded device is open to some kind of threat.
With the evolution of technology, mobile devices have come to possess more processing power making them even more efficient. Phones and laptops have the ability to store more data today than was the case a few years ago. The more powerful and widely used mobile becomes, the greater the security risks.
Most PDAs have the ability to receive e-mail. E-mails invariably contain sensitive information that may put organisations at risk. If mobile devices are attacked the information contained on them is at risk. More importantly, the risk of loss or theft of mobile devices is very high and therefore the risk to sensitive information contained on them should be a cause of great concern to any organisation.
The bottom line when it comes to mobile security, given the nature of the mobile environment, is that there can be no single security solution. Merely extending the existing security infrastructure for mobile devices simply is not practical. Enterprises must treat mobile security as an independent risk. As an independent risk, mobile-usage-specific security policies must be created and implemented.
A comprehensive risk analysis of the potential security hazards associated with the use of mobile devices should be the first step along the path of creating mobile device security policies.
Anti-virus technology should be deployed to protect mobile devices from threats such as worms and viruses. If the anti-virus technology also includes firewalling and intrusion protection capabilities, the devices can be protected when connecting to public networks such as the Internet.
Data is the biggest asset in any company and losing even a portion of it could be crippling. Therefore, advanced data encryption on mobile devices is going to become essential if data confidentiality is to be ensured.
Share
Editorial contacts