‘Mobile Security Threats of Little Concern to Enterprises’
While smartphone end-users realize the productivity and satisfaction benefits of allowing employees to use the device for work, a vast portion of them do not fully comprehend the extent of mobile security threats.
This was according to the findings of Norton-vendor Symantec that recently conducted a short survey to learn more about end users’ experiences and perspectives on the consumerization of IT, with results that complement the study conducted by Trusteer, a global provider of secure browser services.
Trusteer reviewed the log files of Web site servers that host phishing sites and found out that phone users are more quick to follow links associated with emails they would receive usually from anonymous senders than computer users do.
Trusteer claimed that phone users are threefold susceptible to attacks launched by phishers since phishing Web sites are harder to detect when surfing the internet using mobile devices.
On the other hand, enterprises may not be educating employees on the potential security risks created by smartphones, Symantec found.
Most respondents to the survey believe allowing their employees to use the smartphones of their choice has little or no impact on the overall security of their company’s networks and information.
Of the companies that allow employees to use their work-related smartphones for personal use, only more than a half have communicated policies or best practices to them regarding the security of their devices.
Majority of these policies and best practices being communicated by companies include the need to password protect mobile devices, while the least were guidelines on downloading smartphone applications.
Symantec said organizations need to do better to communicate guidelines related to downloading applications given that the majority of malware for smartphones involves legitimate apps that have been Trojanized and re-published on third-party app hosting sites.
The survey further revealed that employees access sensitive and confidential information through smartphones while enterprises still lag behind in improving in their efforts to ensure that these devices are secure and properly managed.
Although almost half of the respondents admitted they are not aware of any mobile security or management software their company uses in relation to their devices, about three-fourths said they use smartphones to access information that could be considered sensitive or confidential.
The most common sensitive information accessed is competitive or proprietary data and personally identifiable information.
Symantec concluded that end users do not fully realize the potentially sensitive nature of the information stored on smartphones, indicating the little importance being given to mobile security concerns.