IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
Hackers can readily access sensitive corporate data via employees’ personal smartphones, a leading South African IT consultant has warned.
Speaking to IT News Africa, Richard Broeke, a consultant for security management specialists Securicom, says staff must be vigilant when using their phone on the office Wi-Fi. Personal mobiles, which are invariably poorly protected compared to corporate hardware, can serve as a bridgehead into company networks.
“Aside from the personal risk and costs associated with these kinds of infections, employees who use unprotected mobile devices to email, store company data, and connect to the internet or company network are putting company networks and information at risk,” said Broeke.
“This is where data exists now: outside the organisation on mobile devices. Cyber criminals want access to that data and are therefore focusing on the locations where it exists, namely the mobile world.”
Broeke warned that mobile and tablet platforms are now a key front in the defence against hackers.
Phony apps
“Reports from two major security software vendors in 2013 show a consistent rise in attacks targeting mobile devices, specifically Android devices,” he said.
“A lot of them are phony apps, downloaded from third-party app stores and text-messaging Trojans that cause devices to send out SMS’ to premium-rate numbers.
“There are also growing numbers of more aggressive apps that act as spyware, working in a similar fashion as spyware on a computer, to harvest the information the criminal wants.”
In a world where computing hardware is increasingly mobile, antivirus protection must have the ability to travel too.
“Wherever a company’s employees go, data goes too,” said Broeke. “When there is no policy or technology in place to manage and protect data on employees’ devices, it is vulnerable.
“Companies are realising slowly that their data, and ultimately their business, is at risk. Unfortunately, the realisation will come too late for a lot of organisations.”
Broeke believes companies must not be complacent about the threat posed by inadequately protected personal phones.
“Even if they are activated and updated with the necessary regularity, this nature of security software is not capable of protecting the intellectual property housed on a device. For the business, it is about protecting that data, controlling what can or can’t be done with that information, and being able to retrieve it, should the device land in the wrong hands, get lost or stolen.
“Companies should want, and need, to have control over how their data is stored and managed on employee devices,” he says.
However, he doesn’t advocate limiting the use of personal phones.
“Mobility empowers productivity. You can either stifle that productivity by not allowing company info, such as e-mail, onto personal-owned devices, or you can embrace it in a controlled fashion and let your staff work the way they live, through collaboration and sharing on devices that they are comfortable using.
“It is possible to enforce security and device control, even in a scenario where employees use their personal devices for work. And, it is possible to do so without impacting their experience or the personal data they have on their devices.”
Mobile security features prominently in the schedule for IFSEC South Africa, the premier security and fire event in Africa, which takes place 13-15 June 2014 at the Gallagher Convention Centre in Midrand.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Personal Phones Acting as Bridgeheads to Corporate Network SecurityStaff who access their employer's data through their mobiles are unwittingly jeapordising network security, a top IT consultant has warned.
Adam Bannister
IFSEC Insider | Security and Fire News and Resources
