As recently reported by InformationWeek, a study conducted by market researcher Ovum and the European Association for e-Identity and Security found that eight out of 10 CIOs believe using smartphones in the workplace increases their firm’s vulnerability to attack. Although these CIOs rank data breaches as their top related security concern, half of the organizations acknowledge that they fail to provide some basic security measures for the use of smartphones.
This report should be of major concern to doctors and lawyers — two groups of professionals that rely heavily on the use of smartphones to manage their workloads. At the very least, an easily applied security precaution for smartphones should be the use of a strong password that is changed every 60 days or sooner. Two-factor authentication is preferable. Users should back up data regularly and not have it remain solely on a mobile device – unfortunately, default settings can have the communications emanating from your mobile device remain resident solely on a mobile network. Make sure your mobile device is equipped with anti-virus protection and if you receive an e-mail from a company or person that you’re not familiar with, do what you do on your work computer – just delete it. Use your idle timer feature to lock down your smartphone as you would your laptop.
If you have an IT support team (in-house or outsourced), make sure it keeps your operating system and server patches up to date and strictly enforces what applications can be used and what connections can be accessed. What OS is even used may impact security. For example, researchers have recently discovered flaws in the WebOS smartphone platform that could let an attacker build a mobile botnet or execute other remote attacks. More advanced security features include the use of remote wiping applications, encryption and data loss/leak prevention tools.
Notwithstanding the fact it can also place a call, the key to improving your security posture is to respect the fact your mobile smartphone is now no different from any other computer you use at work. Act accordingly.