1.Complacency
Complacency has been the downfall of many great people, countries and companies; in the mobile Internet device (MID) security space things are no different.
While the devices are new and the trend still finding its place in the corporate world, Sophos head of technology for Asia-Pacific, Paul Ducklin, claimed the risk of falling into a false sense of security with MIDs was real.
“Many users of ‘minority platform’ Internet-enabled technology – which pretty much means non-Windows these days – seem to be complacent about computer security,” Ducklin said. “They take risks, routinely get away with them when their Windows brothers and sisters wouldn’t, and therefore learn to stop thinking, or at least caring, about those risks.
“Sometimes they even go so far as to infer that because they have taken risks and not come to any harm, at least that they are aware of, they must therefore be immune entirely because of some sort of ‘magic security smoke’ is designed into their OS or device.”
This, Ducklin contended, is a trend that threatens to emerge with MIDs – especially on non-Windows varieties.
If you are complacent about which links you choose to click, about which programs you elect to install, about what videos you decide to sneak a look at, and about how much trust you put in unsolicited or unknown emails, then any one piece of malware – even if it’s the only one ever written for your platform – might catch you out, Ducklin said.
“In an environment with less technical and cultural resistance to security threats, cyber criminals may well find that they don’t need a large selection of different malware to achieve the malicious results they have in mind,” he added.
“Moral of the story: Stay ahead of the curve. Don’t wait until so many people on your platform or device get infected, attacked or compromised that you are forced into thinking about computer security. After all, you could be one of the unfortunate early victims.”
2. Device theft
If you haven’t lost an MID yourself then you probably know somebody who has. In fact, losing devices is a global problem that afflicts both large and small corporations with harmful consequences.
According to McAfee marketing director Asia-Pacific, Allan Bell, there is one laptop stolen every 53 seconds.
“It is actually very common. I have even heard stories where people use it as a technique to get themselves a new laptop,” he said. “So some laptops were not necessarily stolen but perhaps deliberately mislaid. If you have an old model and you want a new model, you might happen to leave it on the plane. Then you get issued with a new one; it is amazing some employees can be very cynical that way.
“Your laptop has a one in ten chance of being stolen this year according to the FBI and 97 per cent are never recovered. If you are a large company or a Fortune 1000 financial institution, on average they lose a laptop every day and they can’t locate two per cent of their PCs.”
While there is a cost associated with losing devices the main point is it is very easy for people to lose their data.
“There is a cost in the laptop itself and there is a cost in losing your phone,” Bell noted. “But for an organisation the bigger cost is loss of data. It is not so much about losing data that you can’t recover so people can do their work – obviously that gets covered by your backup policy – it is more you don’t know what has happened to that data.”
To protect the data on any MIDs Bell advised the channel to use encryption and also educate clients while helping them to develop appropriate policies.
“One of the things with encryption is you need to be able to prove that the laptop is encrypted,” he said. “So having a central management product which can basically tell you the status of those computers, when they were last on the network and confirm the computer was encrypted. Under the rules that are used in the US, if your laptop is lost but encrypted you no longer have an obligation to notify users. Whereas if you had lost the laptop and it wasn’t encrypted, even though that data may not have been found or on the Internet, you have to go and notify people they may have had their data lost.”
