Smart Device Security
Are you providing smart phones or tablets to your employees without managing those devices?
You could be opening up a security hole to your network.
Cyber criminals are continually looking for new ways to break into your network. Desktops and laptops are the favorite target, but with the growing number of smart devices cyber criminals are highly motivated to develop new ways to break into your network through these devices. Symantec did a study published in their “2015 Internet Security Threat Report” and in it they indicated that 17% of android applications are actually malware in disguise. (Apple’s App store and Google Play are normally safe as they work hard to vet all the products on their site). Stopping this type of threat would involve limiting the specific applications that can be installed on your smart devices but that isn’t there only way in. Email Phishing accounts for a very high percentage of computer infections and smart devices are next. Phishing via email has primarily targeted PC’s but I have to believe that smartphones are the next “Blue Ocean” strategy for the cyber criminals.
If your smartphone is like mine, once someone gains access either physically or through a malware application they have access to all of my email, links to files stored at office 365 or Google Docs as well as access to the VPN back to my corporate network. If you use Apple Pay or Android Pay on your device, cyber criminals would have access to credit card information as well.
One of the major challenges of smart devices is the ease of physical access. Phones and tablets are often left lying on the table or counter and a thief can quickly grab and go without being noticed. So what is an IT manager to do?
I have good news because securing your smart phones and tablets is not as complicated or as expensive as you might think.
Yes it is a good idea to have a tool that allows you to manage all of your devices in mass and depending on the number of devices involved that may be necessary. On a simpler level I would suggest that the most effective thing that you can do to secure your smart devices is to require a passcode. Ideally this code is more complex than four 9’s which could be discerned by just looking at fingerprints on the screen. Having 4-6 random numbers that relate to something meaningful to you but won’t mean anything to a stranger is the ideal. The Apple IOS can after 5 failed attempts disables the device for 2 minutes. You can also set it so that after 10 failed passcode attempts the device wipes itself. This basic step of requiring a pass code can thwart most physical attacks. A side benefit is that it can keep your kids from changing the setting on your device to that crazy ring tone that is embarrassing.
Managing the email on your devices through Office 365 or some other tool is clearly a wise choice. Through these utilities you can force a device to have a passcode and you can restrict the ability to install applications. You can manage your company’s smart devices so that your internal support will not spend significant amounts of time supporting smart devices.
IT departments understand the importance of patches and updates on computers. In the same way you shouldn’t delay installing patches and updates on your smart device. I’m not advocating being a beta tester for these patches and updates but after two to three weeks it would make sense to get these installed. Keeping your devices up to date in order to protect them is just good business.
To see what is available for managing your smart devices simply search for “smartphone management tools” and you will find lots of choices. We can help you with this as well 336-632-0860.