Three mobile device risks that businesses face

This is a sponsored post by Dimension Data. Find out about the critical gap that exists in enterprise mobility in its Secure Mobility Survey Report.

With literally hundreds of millions of mobile devices shipped each year, smartphones and tablets have eclipsed the shipment volumes of traditional desktops and laptops. Indeed, I have written a number of articles on mobile devices in the last few months. This ranges from why enterprises cannot afford to ignore mobile, to more practical advice such as how organizations can integrate mobile devices into their businesses.

The topic of manageability aside, the other key concern of BYOD devices revolves around the theme of security. However, this may not be necessarily intuitive to non-technical managers or executives, leaving it harder for IT managers and CIOs to gain buy-in for managing mobile devices. With this in mind, I thought it’ll be a good idea to highlight some specific security risks that businesses face with mobile devices.

No device password, device timeout

We are all creatures of convenience, and tend to procrastinate when it comes to setting a proper device password on our smartphones if left with a choice. Even with a password, a minimum level of complexity is required, coupled with a reasonably short timeout to prevent unauthorized access in the event of a lost or stolen device.

However, forcing employees to show that their devices have a device password is demeaning and inefficient, and can be easily circumvented anyway by setting it back after the check. As such, this is best enforced via the use of IT policies implemented using an appropriate MDM (Mobile Device Management) solution.

Storage encryption not enabled

Though it is an important first step, a device password may not necessarily be sufficient to stop a determined hacker from recovering confidential data from a mobile device. This is especially problematic for devices that supports flash memory cards, which can removed and accessed from another device.

Fortunately, storage card encryption has become a basic feature for the top mobile platforms today. It must first be enabled, of course, and the encryption key should be backed up in a separate location so that its contents can be accessed even if the original mobile device is no longer functional.

Wi-Fi spoofing

Many users join unsecured Wi-Fi access points at coffee shops or airports overseas for free Internet access. Unfortunately, this opens them to access point spoofing and other man-in-the-middle attacks. If successful, this can allow hackers to spy on or even steal login credentials for websites accessed without the use of SSL.

Finally, do note that wireless beacons emitted by Wi-Fi enabled devices can be captured and leveraged by in-door positioning technology. As such, the simple act of Wi-Fi could result in the inevitable leakage of the current device location whether you like it or not.

This is a sponsored post by Dimension Data. Find out about the critical gap that exists in enterprise mobility in its Secure Mobility Survey Report.