Lapses in smartphone security put businesses at risk

Ryan Doran
April 29, 2011
Originally published on www.westfaironline.com

Though consumers remain the largest offenders, and victims, of lapses in smartphone security, allowing employees to use personal phones for work email can put business systems at risk, as well.

“From my standpoint, when it comes to smartphone applications you should trust no one,” said Chris Furey, founder and CEO of Virtual Density in Danbury, Conn., a multi-vendor cloud computing aggregation, storage and security service. “Whatever apps you’re downloading, whether they are from your bank or just a game to pass time, you need to do your homework.”

A recent study published by New York-based technology research company Ovum showed that only 52 percent of businesses enforce authentication on company-provided mobile smartphones. Fellow New York-based technology research company Goode Intelligence conducted a similar survey that found 70 percent of businesses allow employees to use their personal smartphones for company business, and 64 percent of the companies that allow users to store company information on their smartphones are not enforcing encryption of that data.

“Often it is not the application function of your phone that you are using that is dangerous,” said Furey. “Often malware (malicious software) is designed to stay hidden and spy on the accounts you access on your phone.”

Furey said the Apple iStore is the most reliable place to download a smartphone application because of the vetting process Apple puts developers through. Apple’s major application competitor, the Android, currently offers no regulation in terms of developer or software intent.

“Amazon is actually building a market for Android applications that is much more like the iPhone store in terms of a vetting process,” said Furey. “That should level the playing field a bit.”

In a recent study Traverse, Mich.-based Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, found that 70 percent of smartphone users have never considered using a mobile antivirus application. According to the study, 66 percent of people have made at least one purchase on their phones, 38 percent have made payments on their phones and 14 percent do mobile banking. The study found 12 percent have been the target of attempted mobile payment fraud, though 6 percent do a monthly check of their cellphone bill.

“Most of us really forget that these aren’t cellphones we’re using; they are small personal computers that happen to be able to make phone calls,” said Furey.