The smartphone continues to revolutionize the business world as new and innovative phones flood the market and slick apps make it easier to do business around the clock, from anywhere. From a profitability and productivity standpoint, the business enhancing affects are unquestionable. But with this rapid progression in smartphone technology come new security challenges that not only CIOs and IT staff need to think about, but also small business owners and managers. Smartphones can be open portals to sensitive personal information and your corporate network to which they link, making it absolutely crucial to understand the security risks and how to maintain the integrity of your data. Peter DiCostanzo, a preeminent mobile phone and iPhone consultant, adds that “Like laptops, smartphones are an extension of your corporation’s network not only containing sensitive or confidential data, but through VPN capabilities it can allow direct connectivity to the heart of your company’s business. It is imperative for the network administrator to view smartphones the same as employee laptops, and to apply the same (if not greater) precautions and access levels restricting access to the corporate network.”A couple of stats to consider… 36% of business network attacks originate from end-user devices, and according to the 2010 Data Breach study, 28% of attacks occur through the various social networks that employees enjoy on their smartphones. Monitoring these types of activities and deploying a use policy will go a long way in securing sensitive company data that travels between the company network and employee smartphones. With over 250,000 apps available, and with the rate at which they enter the market, it’s understandable that not all apps are vetted before they’re available for download. This is a huge source of vulnerability and an increasingly inviting platform for malicious criminal activity that can have devastating effects on your business. Highlighting the importance of a strong use policy, DiCostanzo explains, “Policy should define and restrict which smartphones may be used on a corporate network. If the phone does not support features such as password protection, or remote-wipe (ability to remotely erase the phone if lost) for example, it should not be allowed to access company data.”In closing, if you already have one or plan to deploy a business smartphone to your workforce, give some serious thought to the following:* Education. Make your employees aware of how their smartphone interacts with your network.* Create and strictly enforce a use policy, and ensure that security apps are included in said policy.* Understand that not all smartphones operate on the same platform. Phone software packages have holes and no carrier is immune to malware and viruses. Learn about the various vulnerabilities and safeguards of the smartphone options you’re considering.* Require employees to sync their phones regularly, keeping sensitive data off of their phones.* Maintain a corporate firewall and regularly monitor all server activity.* Limit employee permissions to only what they need to get their job done.* Have authentication protocols in place for accessing corporate networks.* Keep malware definitions up to date and running on all security software.
corporate network, smartphone technology, mobile security, small business, network security tips