For all enterprises both SMEs and large corporations alike the ability to communicate vital information in a safe and secure way is a key factor contributing to their success. Companies are spending GB pound 13.5 billion globally on protecting their enterprise infrastructure to ensure that vital information is not leaked and that, as employers, they are providing a safe and secure IT network for staff.
Investment has already been made by installing security measures preventing employees from sending inappropriate e-mails, both within the corporation and out to a client. However, most businesses seem to be unaware of the current security threats to mobile devices, including mobile viruses and malware, phishing and inappropriate content access.
How real, though, are mobile viruses, and how dangerous is the security threat facing enterprises? Corporates are more at risk than consumers because of their selection of a common set of ‘phones, adoption of the latest ‘smart’ ‘phones and lack of individual scrutiny of mobile ‘phone bills. Today’s malware can already generate premium SMS and MMS charges, transfer customer records in conflict with Data Protection or generate fraudulent or offensive messages to key clients and partners.
Proportionate security budgets
Enterprises are still not allocating their budgets proportionately when protecting PCs and mobile devices. When you compare the proportion of business communication carried out via e-mail to that undertaken via a mobile device, it becomes clear that enterprises rely heavily on mobile devices to communicate vital information, regardless of whether or not the company provides mobiles for employees.
A significant percentage of vital information is transferred via SMS, mobile e-mail and voice calls from a mobile telephone. This increase in mobile usage coupled with the small investment being made in mobile security highlights the lack of awareness around security threats posed by these devices.
The need for employees to be able to transfer vital data safely while on the move is paramount. The faster the mobile market grows and the more frequently employees use mobile devices to communicate sensitive company information, so the threat of mobile security breaches – and liability for the employer similarly increases. It’s imperative that awareness is raised, and that it becomes commonplace to discuss fundamental security issues (such as inappropriate content access).
Similarly, it’s essential companies recognise that mobile ‘phones can be used to harass staff members in the workplace. Although members of staff may be protected from malicious e-mails and inappropriate content on their PCs, few firms have extended this protection to SMS or MMS messages. A lack of protection that could have a direct impact on company liability.
Mobile viruses and malware
According to a Semantic-sponsored survey conducted last year by the Economist Intelligence Unit (EIU), three in every five corporations polled said concerns about virus infection have held back employee ‘smart’ ‘phone roll-outs. Security threats to the mobile user are predicted to increase, with McAfee last year claiming that viruses on mobile telephones were growing at a faster rate than those attacking PCs.
In the last three years there has been a clear increase in the number of mobile viruses, in part due to variants in existing virus techniques and also due to the fact that they can be spread via several different channels.
While viruses on a PC are generally designed to be annoying or crippling, we have been seeing more and more incidents of ‘phishing’, particularly with regards to stealing financial information. This same concept applies to the mobile device, where specific information might be ‘stolen’.
The automated nature of mobile operator networks means money laundering is rife. Indeed, the National Criminal Intelligence Service (NCIS) statistics show that this is set to be worth nearly US$3 trillion by 2010. ‘Phishing’ poses a huge threat due to the potential interception of high-risk information belonging to a business and also its clients.
Inappropriate content access
With a lack of security measures in place, employees are free to browse and download inappropriate content. This not only has an impact on worker productivity but directly impacts on the company’s bottom line. Enterprises pay heavily for mobile data. Today, employees will use whatever communication devices they have in order to make their lives easier, no matter what kind of security or cost risk this poses to their employer.
The challenge that enterprises face with regards to installing mobile security is that the process cannot be carried out efficiently at the end point, as with a PC. Mobile devices are constantly being upgraded and replaced with higher specification systems. Integrating security software with the handset would be an ongoing and thankless task. This is known to cause battery drain and, more importantly, can render a device unstable.
In order to catch every media type across all the mobile bearers, the solution is best placed at mobile network level. Mobile operators are able to provide individual mobile security policies relevant to specific corporations, tailored to suit specific lines of business and the intended use of the mobile device from single network through to enterprise-specific and individual subscriber-centric policies.
For example, a mobile network operator is able to control what an employee can and cannot do on a day-to-day basis as well as offering visibility of what employees use 3G data cards for – this is of great value to many enterprises. That allows enterprises to choose the level of protection offered to employees, and appropriate controls to be put in place that ensure members of staff are using their mobile devices in the most legitimate way.
Virtual network operators
Over the next 12 to 18 months there is likely to be an emergence of corporate mobile virtual network operators (MVNO) focusing on security. Research in Motion’s BlackBerry is effectively a corporate MVNO. It runs much infrastructure and boasts its own devices.
Corporate MVNOs can provide real value and opportunity as both corporate security service providers and operators need to realise where and how they can provide corporate mobile protection.
Ultimately, it’s crucial that enterprises which need to protect not only their staff but their customers and clients – demand solutions for mobile security before their revenues and core business are seriously affected.