By Adeline Teoh, ASM.
When is a telephone not a telephone? When it’s smarter and more portable than computers were 10 years ago. Symantec’s Craig Scroggie on security grey areas in the age of the handheld smart device.
Once upon a time the biggest security risk you might attribute to a telephone would be information leakage via wire-tapping; think Cold War espionage and the Watergate scandal. The second was probably lightning strike if you used the phone during a storm. These days, with telephones likely to be akin to handheld computers such as smartphones and tablets, mobility is one of the key concerns for IT security experts. Craig Scroggie, Symantec’s managing director and vice president of the Pacific region, outlines four reasons why increasing mobility is the new battleground.
1. Personalisation of work devices
Smartphones have now become a hub of communication. We talk, text, email and update social media from our phones and more often than not store contact information, and sometimes our friends’ and colleagues’ personal details, on a mobile device. The dangers of third party interception have already been acknowledged, however it isn’t just News International-style phone hacking that’s a concern, it’s the blurry line between an individual’s work and personal life that’s posing some questions.
“If you have one device, is it the company’s responsibility to protect the work email but also all the personal communication that goes along with that? Companies want to be able to push their IT policies to users’ mobile devices. I want to know that if you’re going to access a corporate network, that your device has a security certificate on it, that the device is encrypted, that passwords change every 30 days,” says Scroggie.
“Whether you like it or not, you have to find a way to protect employees and enable them to use the technology they want to use. In the past, companies used to say ‘use this device’ or ‘use this platform, it’s all we support’ but that has changed so rapidly. There are few companies out there today that can afford to have that strategy.”
2. Lost without you
“It’s a lot easier to lose a phone or tablet than it is a laptop,” Scroggie notes, and what you lose when you misplace a mobile device or have it stolen is more than the next date on your social calendar. Mobile security best practice now extends to protection of lost/stolen devices, which includes remote locking and data wiping. However, one area that’s often ignored is preventing data loss.
Companies are now obliged to back up and store communications, “whether it’s a text message, an email from a work account or personal account, a tweet,” says Scroggie. “Gartner has said that by 2013, almost 50% of companies will need to enter social communication in some form of evidence in a court case.”
3. Identity crisis
Think identity fraud is just limited to scam emails? Think again. A number of corporations, including banks, are using mobile communication for second factor ID authentication, for example where you make an online payment and the bank sends you a text with a separate code you need to enter to complete the transaction. If a cybercriminal already has your login details, all they need to do is hijack your phone to finish the job.
To read the full story, go tohttp://www.australiansecuritymagazine.com.au/subscribe/ and purchase a subscription today!
