Mobile devices expose networks to security threats

The latest IT security threat plaguing the office is actually clipped to the belts and purses of a company's mobile workforce.

Wireless devices that can send and receive e-mail -- BlackBerries, Windows Mobile-based phones or other smart phones -- are emerging as serious corporate threats because they have become so advanced and widely used, yet are so thinly secured, that cybercriminals are targeting them as a path to corporate data, say security experts and vendors.

"There have been cases of viruses and other nasty things that can be done to mobile phones that have not really been serious yet, but they will be," says David Ferris, president of Ferris Research.

Mobile messaging threats come in a few flavors, according to David Champine, senior director of product marketing with security vendor Cloudmark. One is text-messaging spam, or quick Short Message Service (SMS) messages that mobile phone users receive directing them to a Web site where the sender is selling something, or in more sinister cases to a site that captures personal or financial information. This particularly annoying form of spam has been around for a few years, but hasn't been prevalent in the United States since text messaging is not as popular here as in Europe and Asia.

Much more menacing are the threats posed when employees access their corporate e-mail or other enterprise applications from a wireless device, Champine says. Because many mobile device users also check their Web-based mail and visit Web sites from these devices, which typically lack antivirus, antispam, Web filtering and other security software normally found on a PC, they are open to any threats lurking on the Internet and crossing e-mail connections, Champine explains.

Because an employee's mobile device -- often issued and approved by the IT department -- is open to such threats, so is the entire network when the employee connects to the company's Exchange server or enters data into a CRM application from the handset, he says.

"People trust these devices, they say 'I got it from my corporate IT guys, so it's got to be secure,' but attackers always look for the highest return from the least-known back door," Champine says.

Attackers also are preying directly on mobile service providers' networks.

McAfee, which makes mobile security software for companies and mobile operators that protects cell phones from viruses, Trojans and other threats, earlier this month released findings from a worldwide study it commissioned of 200 mobile operators. Of the respondents, 83 percent said their networks have been infected by threats that affect the mobile devices that connect to them.

Respondents also said the primary result these threats have had on their business is a decrease in customer trust and therefore satisfaction -- which can be a big issue in the mobile industry where customers will quickly jump to a competitor -- and network performance.

Cloudmark sells a version of its Authority e-mail security software for mobile operators that helps protect their SMS and e-mail networks from threats. But because most mobile device users open themselves up to unprotected Internet use, securing the service providers' networks won't solve the problem. IT managers should not let mobile users access their Web-based mail accounts from the same devices they access corporate resources, Champine says, and mobile device operating systems should be set for maximum security.

But there's a price to pay for greater mobile security. Mobile workers will no doubt grumble if they have to carry a personal phone for Web e-mail access as well as their corporate device, he says. And IT departments are likely to limit the amount of corporate data a mobile device can access, for fear of intrusion.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cara Garretson

Network World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?