The age of mobile workforces arrived a few years ago when more and more desktop PCs began being replaced by the versatile workhorse known as the laptop computer. More recently, thanks to the proliferation of handheld devices such as PDAs and smart phones, many now prefer to be even closer to their work tools (some literally attached at the hip) in order to stay connected 24/7, regardless of location.
This explosion in the mobility market is a clear indication that organisations of all sizes are putting greater value in communication devices that remove the proverbial ‘walls’ of a traditional office space, and free employees to conduct business anytime, anywhere. Be it any airport lounge, golf course or grocery store in Canada, at this moment, thousands of e-mails are being sent back and forth, critical numbers are being crunched and important meetings are being conducted.
Convenient as they may be, mobile devices also carry potential security risks. As online attackers adopt more sophisticated techniques to infiltrate an organisation’s computing infrastructure, wireless communication tools, which in many cases hold business-sensitive data, are becoming inevitable targets.
Critical business data is being disseminated through wireless networks more than ever. But how many organisations are taking the necessary precautions to ward off potentially devastating attacks on employees’ PDAs and smart phones? According to a Symantec survey conducted by the Economist Intelligence Unit, 75 percent of companies have not addressed mobile security.
Furthermore, the most recent Symantec Internet Security Threat Report (a semi-annual review of threat activity over the Internet) indicated that spam and phishing will increasingly target SMS (Short Message Service) and MMS (Multimedia Messaging Service) on mobile platforms, a sign that cyber criminals are quickly changing their tactics to exploit new online opportunities.
While knowing how to protect mobile devices is essential, it is necessary for organisations to first become familiar with the tactics cyber criminals are using to compromise corporate information.
Snoops and Pranksters
Commonly known as spy software used by suspicious parents, spouses or employers, Snoopware is increasingly gaining popularity amongst hackers as a way to remotely access a smart phone in order to activate the microphone feature and listen to private conversations or confidential corporate meetings. Such software is also capable of viewing a calendar and list of contacts on a handheld device, making it easier for a cyber criminal to know exactly which meetings are worth eavesdropping on.
Pranking4Profit is a new class of attacks intended to steal money (as opposed to data) from compromised terminals. This type of crimeware uses what is known as RedBrowser to infect the phone and send premium SMS messages from the device to a website that withdraws money from a bank or credit account before the user or network becomes wise. Another type of Pranking4Profit attack places a call to a device, begins a conversation, and then drops the call. Once the user returns the call, they are connected to a premium number, which charges them for the connection.
As handheld devices continue to combine personal and corporate networks, they become growing targets of attack for financial gain, particularly by cyber criminals, who can establish a lucrative revenue stream by leveraging premium SMS viruses to drain users’ accounts.
Nowadays, as companies become more vigilant about locking down their internal network perimeters, hackers are turning their attention to mobile devices as the path of least resistance to malicious activity. As mobile technology develops to include applications such as payment tools that can be used at a cash register or on the Internet, these devices will grow in value for criminals.
Traditional IT departments are now faced with new challenges as more and more mobile devices assume the capability of PCs. Some businesses are beginning to create centralised IT mobile security policies to address the potential risks handhelds pose to corporate networks. Left unprotected, PDAs and smart phones represent the weakest security link in an enterprise, which can lead to a compromise of the entire network.
Taking Security Apps on the Road
Although mobile operating systems are continuously improving in capacity, capability and security, enterprises need to go even further to enhance corporate handhelds with features that will make the devices more difficult for cyber crooks to penetrate.
For organisations, a fully secured PDA or smart phone can open up a new channel of revenue and offer users a host of rich media content, transaction services and access to corporate data, without security worries.
By implementing a combination of security best practices together with more effective protection technologies, companies can safeguard critical business tools while still allowing users to enjoy the benefits of mobile computing.
Today, many top tier PC security providers are helping enterprises address mobile vulnerability issues by offering integrated technologies that focus on the expanding ecosystem of both known and unknown mobile security threats.
PC-level security and data protection for mobile devices include:
Antivirus – Detects mobile threats immediately and prevents users from accessing an infected file. IT administrators can schedule regular virus scans and updates.
Firewall – Controls both inbound and outbound network traffic and protects the mobile device from Internet attacks while also guarding privacy.
Anti-SMS Spam – Automatically filters and deletes spam messages, or places them in a separate spam folder.
Loss Mitigation Technologies – Encrypts data as well as memory cards on the device in the event it is lost or stolen. A data wipe tool erases all data after a maximum number of consecutive failed login attempts.
Phone Feature Control – Allows IT administrators to enable and disable certain device features, such as Bluetooth, WiFi and device synching. This limits security vulnerabilities and potential attacks by only providing access to those features required for business.
Tamper Protection – Verifies that the device’s image and security applications have not been tampered with or altered prior to allowing network access.
Virtual Private Network – Ensuring that users connect to the corporate network via VPN is also important in protecting wireless data transmissions from intruders.
The possibility of always-on wireless connectivity of smart phones and PDAs will continue to make mobile devices tempting targets for cyber criminals. As organisations increasingly adopt new mobile technologies, they need to deploy the appropriate security measures on the front end, rather than leaving them as an afterthought.
_Verma is director, Channels and Alliance, Symantec India._


