Plugging the mobile data leaks

The rapid adoption of smart devices in the workplace is giving CIO’s sleepless nights and the problem isn’t malware but data leakage.

The History Channel recently investigated the impact of technology on society, nominating the smartphone as the number one gadget that changed the world. Beating off stiff competition from PCs, TV, radio and even light bulbs, smartphones reigned supreme.  This is unsurprising when we consider the huge productivity gains these devices have enabled. Ten years ago, the concept of a pocked-sized device offering phone, email, social networking and satellite navigation was unthinkable, and these are just a few of the services we rely on the humble smartphone to deliver.

What I find equally interesting is the way that smartphones, and mobile devices in general, have impacted our working practices. The office has become limitless, with employees able to work effectively from wherever they may be located. We have anytime access to corporate resources, with many of my colleagues checking their email last thing before they go to sleep and first thing when they wake up.  Even the concept of “time off” has a different meaning in today’s connected business world - there is always a temptation to use a mobile device to ‘check in’ on what is happening at work.

Given their prevalence, mobile devices have captured the attention of cybercriminals and CIOs alike. We have seen a marked increase in threats targeting mobile devices – a global rise of 42 percent over 2010. However, despite this rise, the overall volume of mobile threats remains low compared to computer-based threats. It will take advances in mobile payment technology such as near-field communications (NFC) and Google wallet to fuel an increase in the quantity and sophistication of mobile malware.

While mobile malware is not yet on par with PC malware, the proliferation of personal mobile still concerns CIOs due to the potential for data leakage. Tablets in particular have become a major concern. Employees are bringing them into the enterprise at a rate that outpaces the businesses ability to secure them. CIOs are worried that employees fly under the radar of IT to access and send sensitive data on these devices – increasing the chances of confidential information ending up in the wrong hands.

Data leakage is a significant issue for businesses with the average data breach costing local organisations $128 per compromised record according to a Symantec study. Additionally, the reputational damage to a brand can be irreparable as we have witnessed with a number of high profile data breaches making headlines over recent months. Therefore, over the year ahead, we expect to see data loss prevention and mobile security becoming a bigger focus area for CIOs. The following tips provide a starting point for businesses that are looking to manage data leakage from mobile devices. 

  • Educate employees: Data breaches can be avoided by simply educating employees on the importance of protecting their devices. Good, common-sense best practices are part of the solution for protecting data. For example, do not leave your mobile device lying around for others to pick up, keep it on your person or in your sight at all times. Forgetting a mobile device on a bus or train, or even leaving devices unattended at Christmas parties, could have damaging consequences to a business. 
  • Encrypt the data on mobile devices: The business-related and even personal information stored on mobile devices is often sensitive. Encrypting this data is a must. If devices are lost and the SIM card stolen, thieves will not be able to access the data if the proper encryption technology is loaded onto the device. 
  • Install security software on smartphones: Security software specifically designed for smartphones can stop hackers and prevent cybercriminals from stealing business information or spying on employees when they use public networks. It can also detect and remove viruses and other mobile threats before they cause your business problems.
  • Invest in a data loss prevention solution: Data loss prevention technology provides an insight into how information is leaving the organisation. It enables businesses to set policies to ensure that sensitive information is safe. For example, it can prevent customer data from being emailed without encryption or provide user based rights for removing financial data from the network.
  • Make sure all software is up to date: Mobile devices must be treated just like PCs in that all software on the devices needs to be kept up-to-date, especially the security software. This will protect the device from new variants of malware and viruses that threaten your company’s critical information.
  • Use caution when enabling Bluetooth connections: A phone’s Bluetooth setting is usually on by default, so it will need to be turned off or paired with a device. If not, the phone will look for other Bluetooth-enabled devices to connect to, which could result in malware being loaded onto the device or information being stolen from it.

  • Watch out for Wi-Fi: Similarly, with the increasing amount of Wi-Fi hotspots in major cities, people can connect to the internet almost anywhere. However, it is important employees only use secure wireless connections that are password protected when accessing a company server remotely.

  • Password protect access to your mobile device: It is a simple measure, yet many people neglect to secure their personal devices with a password. This will go a long way in keeping a thief from accessing sensitive data if it is lost or hacked.

As we move into 2012 we can be sure that Australians will continue their love affair with mobile devices. With more than 70 per cent of locals using their devices for work and play, the issue of data loss prevention will be top of mind for CIOs. However, through a combination of security technology, employee education and strong information management policies, businesses can encourage mobility while ensuring that their data is safe.