Smartphones have become so convenient, so feature-rich, and so easily portable that most smartphones now carry more personal information than do PCs, a fact that has not eluded the world's cybercriminals.
Yet, despite daily headlines of rogue smartphone apps and snooping sensors, smartphone vulnerabilities are not compelling smartphone owners to rush out and seek added protection for their devices.
A recent Juniper Research survey on mobile security released this month has triggered increased concern among security watchers and IT that smartphone security is everybody's business, including, well, business.
Currently, 80 percent of smartphones are running without any type of malware protection, according to the Mobile Security report from Juniper Research, mobile research specialists.
No Action in 2013
It is small wonder, then, that cybercriminals are unleashing their creative juices and computer skills to see what they can achieve on mobile platforms, hitting consumers and businesses alike. Interestingly, Juniper researchers said the number of unprotected devices in the enterprise and consumer base will not change through the year, even though more security products for mobile devices are on the market. This cannot be great news for IT.
CEOs championed the "bring your own device" phenomenon as a smart way to increase productivity and sales by allowing users to deploy their phones and tablets to get work done in the office or on the move.
Today, though, businesses are waking up to a flip side of BYOD as an area of potential risk. IT managers, in particular, are concerned about protecting confidential business information that is now residing on workers' mobile devices. Repercussions of doing nothing amount to allowing attack vectors and vulnerabilities that could cause mayhem on corporate networks. IT also worries about employees using unsecured file sync services that the IT managers may not know about.
Get a Grip and a Balance
Security experts generally recommend that a company, large or small, implement a set of rules to establish just how the business is to handle PCs, smartphones and tablets carrying business information. The key, they say, is to adopt policies that not only address risks but make employees feel comfortable about compliance while still leveraging their devices to get work done.
Some companies have no policy in place, while other companies post informal suggestions for safe practice; others have highly recommended, if not mandatory, practices. One poll of policy making by myITforum.com, an online community for IT professionals, found that half of respondents said they had not even thought about implementing a policy, while other answers ranged from recommended but not required to required, to having thought about it but with no policy in place. (continued...)