Analysis: Five security tips for smartphones in the enterprise

The technology of today’s smartphones is going to put more pressure on IT departments, and IBM has released advice about how administrators can cope.

Amongst all the fanfare from the release of the 3G iPhone, business users were particularly interested in the fact that it was much better positioned to be used for enterprise, thanks to new business tools and capabilities such as the push email.

This has focused more attention on the incorporation of smartphones into business networks, which in the future looks to be a necessity thanks to modern day workers needing to perform many tasks on the move.

RIM's Blackberry has been the business smartphone of choice for a while, with its ability to perform corporate tasks and its functionality.

However, a new generation of smartphones such as the iPhone but also devices like the Nokia N71 and the new series of Blackberrys are capable of doing much more. These phones have features such as the ability to access the net using 3G, watching videos and downloading third party applications which have its own inherent risks.

It is also clear that smartphones will carry more important and confidential corporate information than ever before such as internal communications, customer contacts, financial information as well as intranet systems and networks.

In the wrong hands it could cause huge damage to business, and IT departments around the world are going to have to deal with new problems and a bigger strain on networks.

In response, IBM Internet Security Systems released a five point plan which IT administrators need to keep in mind when attempting to incorporate the technology into their enterprises.

1 - Enforce strong password policies

If the smartphone was lost or stolen, strong passwords could mean the difference between the loss of a phone and the loss of sensitive data which could cost business financially and destroy reputations. It was advised that business smartphones needed to be configured to lock screens after a period of inactivity, and passwords be complicated and changed on regular basis.

2 - Protect smartphone VPN access

Attackers are capable of exploiting vulnerabilities in smartphones and infecting them with malware, which in turn can transfer through VPN connections through to intranet resources. IBM said that smartphone servers and VPN egress points should be placed on a network which is firewalled from the rest of the internet. Connections coming from the phones should be monitored with intrusion protection systems and access from smartphone VPNs restricted to servers that are really needed by users.

3 - Establish procedures for employees to follow

It is possible for sensitive data to be wiped from smartphones remotely from the enterprise server if they are lost or stolen. It was recommended that a contact point for employees who had lost their phone so data could be wiped and a replacement be sent.

4 - Control the installation of third-party applications

Smartphone users will be tempted in downloading productivity applications or other files which carry malware or a back door. Businesses needed to consider restrictions on these types of third party applications, especially if they are not digitally signed.

5 - Evaluate smartphone anti-virus solutions

Although there are few malware threats on smartphones at the moment, there are anti-virus solutions on offer. As the popularity of smartphones increase, so will the malware that targets them. Businesses needed to monitor constantly in determining which mobile phones needed to be included in host based security deployments.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

IBM: Hackers are targeting COVID-19 vaccine 'cold chain'
Security

IBM: Hackers are targeting COVID-19 vaccine 'cold chain'

3 Dec 2020
GitHub: Open source vulnerabilities can go undetected for four years
Security

GitHub: Open source vulnerabilities can go undetected for four years

3 Dec 2020
What is shoulder surfing?
Security

What is shoulder surfing?

2 Dec 2020
Security benefits of open virtualised RAN
Whitepaper

Security benefits of open virtualised RAN

2 Dec 2020

Most Popular

Samsung Galaxy Note might be discontinued in 2021
Mobile Phones

Samsung Galaxy Note might be discontinued in 2021

1 Dec 2020
Microsoft Teams no longer works on Internet Explorer
Microsoft Office

Microsoft Teams no longer works on Internet Explorer

30 Nov 2020
Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020