Wednesday, September 7, 2011

People just don't Understand Mobile Security Threats

When it comes to laptops and notebooks, people get it. There are security threats and spam and they need to take precautions against them. People are used to being wary of emails that ask for personal information, or websites that they don't know and never heard of that sell products at low prices. They are used to installing anti-virus software and some even have a practice of erasing their cookies and browser history. People know that identity theft is a serious problem, and that they need to be careful.

Not so with mobile devices. Maybe its because they're small. Maybe because their power is a relatively new thing and they just haven't caught up to the idea that their cell phone has become a small computer with connections to many other computers. That viruses and malware that get into their phone can get into their other computers, even their work networks. Some companies are coming to terms with this idea, but in general mobile device users just don't get it.

And so they go on downloading apps without concerning themselves much about where those apps are coming from or who made them or whether they have been properly tested and protected. They don't even think about installing protective anti-virus software, not that much is available yet.

The result is that mobile devices are now the biggest single threat to data integrity of many organizations. This means that IT Assurance professionals need to pay more attention to this threat. That is - contemporary attention. Guidance and reference materials have been out there for a few years now. But most of it is obsolete simply because the technology for smart phones has advanced so fast. New tools are needed. But until then, experienced professionals can identify the risks in the devices being used, and how they are used and suggest behaviours that will mitigate those risks.

The biggest need at this point is to modify the behaviour of the users. The fraudsters get it. And the users need to get it too.

No comments: