Securing the device. Securing the device for company business includes the installation of additional applications for enhanced password security, anti-malware and anti-virus. Current built-in mobile device password capabilities do not meet most corporate standards. Therefore, you will need to identify, select and require applications for the mobile device to enhance password protection and security. In addition, most existing mobile device anti-malware and anti-virus capabilities offer inadequate protection against those threats. Therefore you need to identify, select and require enhanced anti-malware and anti-virus protection.
What complicates this effort is the pace at which device technology and operating systems change. When an update is released, it needs to be reviewed and evaluated to determine if your enhanced protections will still offer sufficient protection. If not, then new applications to address these concerns must be identified and deployed to the mobile device.
This becomes particularly problematic because the CSO may not have direct control (if they have any level of control at all) for the device and operating system updates. These are generally controlled by the carrier, device manufacturer, or the employee.
Criminal threats to technology are evolving at a rapid pace. This places a premium on corporate IT security’s ability to fully understand the potential vulnerabilities which can be created each time there is an upgrade to a mobile device or its operating system. To maintain a high level of proficiency in these areas requires a careful and consistent investment by the CSO.
Damaged devices. Given their very nature and use, mobile devices are routinely damaged. Employees are much more likely to lose their mobile device than have it stolen. Do you want your employees going to the carrier’s store (or some store at the mall) to get their device repaired? Repair work on a mobile device will reveal not only the specific applications the company has installed for security protection, but the specific configurations used as well. In addition, a repair technician may be able to use the device to access company systems/data and access any private customer or proprietary company information stored on the device.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.