Recent sales figures indicating that worldwide sales for smartphones will increase by 60% and top half a billion units in 2011 confirms what most people already knew; smartphones are no longer just for top executives or city hopping businesspeople.
Smartphones – notably the iPhone and those running the Android OS – allow a user to check multiple email accounts, browse the web, track appointments, record video and voice, use the GPS function, online banking, tinker with a host of free Aps and, oh, make phone calls.
This means that smartphones now hold intricate data about the user of the phone; details of their emails, web surfing history, calls made to and from the phone, SMS messages sent and received, where the phone may have travelled just for starters. Most of this information may be unique to the user but much of it belongs to the company or organisation that the phone belongs to. In the event that the phone is lost or stolen, this creates a serious security issue should it fall into the wrong hands.
In an effort to reduce the risk to the data of the company organisation, the IT Department issuing the smart phones should co-operate with senior management and the risk / security officer to address the basics of smart phone security:
- Anti-virus response – This should be the same for as for emails received on a PC – If you don’t recognise the sender, or there is a suspicious attachment, don’t open / download it.
- Bluetooth – this can be an open door with a welcome mat! Select disable unless highly conversant with password / encryption settings
- Run frequent asset checks to ensure that all smart phones are being used properly – they haven’t been passed to a spouse / partner for their use to watch movies
- Solicit information from similar sized companies who have already implemented smartphones for feedback on security issues
- Look to selecting only a handful of models of smartphones so as to avoid excessive efforts on support and updating for the fleet of phones
- Prefer to select smart phones which can support key features like encryption, remote wipe, and password locking
- Develop a written security policy and procedure items for smartphone that governs acceptable use, monitoring, responsibilities of user (e.g. what to do if device is lost or stolen)
- Actively monitor security vulnerability for the smartphones and any reported new attacks on these types of devices
- Ensure that the devices in the field can be updated quickly to fix security issues once discovered
Do you need to know more about our services and how Regents can assist you with preventing information loss? Simply go to our Cyber Threats page for our phone numbers or else send an email to firstname.lastname@example.org with your contact details and we will respond at once.