Archive for the 'Internal Risks' Category



26 Oct 10

More on Mobile Security

Some people may think I am a prude when it comes to mobile devices and my ideas are antiquated.  Maybe but the research says I am right.  I am not one to just throw facts at people but just consider a few of them.

  1. Mobile malware can completely control mobile devices, even dialing numbers and racking up adult-line-type charges.
  2. In the 1980s analysts questioned why anyone would want to use a PC for criminal activity.
  3. Over 500 malware programs have been identified for mobile devices, some in the wallpaper on the phones.
  4. Android relies on the carriers and the marketplace to vet applications.  That is much less strict than Windows, RIM and Windows.

If mobile malware can do all of this, don’t you think it could steal PII?  It is time you took mobile security as seriously as you take desktop security.  As Windows XP fades away, attackers will look for the next low-hanging fruit.

25 Oct 10

Control of Mobile Devices

In a recent study of mobile security it was found that 33% of employees store sensitive company information on their mobile phones.  In another study 93% of security professionals feel that allowing personal phones access to corporate email poses a security risk.  You bet it does!

Central control of mobile devices is the key to corporate security and mobility, and not just from a password and email perspective but as a data loss prevention measure.  Windows Phone 7, iOS, and BlackBerry all claim to have tight security measures.  But only one of them can have complete control over the device, giving the security team the ability to secure it and remotely destroy it if necessary.  BlackBerry is the winner in case you were wondering.

With us we can send email from our mobile handhelds and they pass the same security checks and encryption checks as any email.  There is no difference to us if we send from a desktop, web mail, or handhelds.  That is security.

There is a big difference in business and consumer devices and the line between them needs to be strict.

21 Oct 10

Another Take on Smartphones

With the upcoming launch of Windows Phone 7 we all have more than enough choices in selecting a phone.  But in business you cannot choose the phone to give your employees based on what apps it runs or what you can do with it.  The decision has to be about what you can control.

I believe that there is a storm on the horizon with regard to smartphone security.  The trend is to push more of your company information to the end points, including the phones.  Yet these devices are largely unprotected.  Malware has already been found to be able to scrape information from the iPhone.  Malware on phones can turn on microphones and speakers, record conversations, and copy data, and we are still in its infancy.

If you allow any phone into your organization you open yourself up to tremendous amounts of risk.  Without you having full control over the device, i.e. what is installed and used on it, you do not have control of your digital assets.

Client records, patient information, account numbers can be scraped right off of unprotected phones and that is just from the digital side.  What if the phone was stolen and the thief had physical access to the data, what control do you have over destroying that device and rendering it unusable?

In my organization we have daily emails bouncing around internally regarding clients, prospects, costs, etc. that I do not want disclosed on the outside.  We have taken the steps to protect our devices because we care about our clients’ privacy, but based on what I have found lying at the gym, a number of people do not.

At the end of the day you have to choose between feeding your farm or losing millions.



