The Exception to the Rule is your Greatest Risk
Here’s a common scenario, and one that will become more common with the ever-increasing penetration of Tablet Devices in the Enterprise… Your Senior Exec just got their iPad. They love it. They use it everywhere. Literally everywhere! That’s a scary word for anyone involved in securing Corporate Data, because enabling access to sensitive corporate data on a tablet can be a risky proposition. There are three reasons why…
- Executives are often early adopters of new mobile technology like the latest smartphones and tablets, even when company policy around their use is not fully formulated. This opens the door for security rules exceptions to accommodate these users. (But that’s OK, because the Execs are the most trusted people in the company, right?)
- Executives need access to more sensitive data.
- Most Executives travel a lot. And travelers are far more likely to be targeted by identity thieves, purposeful hackers, and sophisticated professional data harvesters than the more stationary among us. Not to mention the ease with which mobile devices seem to get lost or stolen in airports. A recent article in Executive Security Today points out that in 2011, travelers lost 11,000 mobile devices in the busiest US airports.
As Senior Executives enthusiastically embrace the latest mobile devices and applications, there is a “perfect storm” brewing when it comes to enterprise security. Identity theft, intellectual property theft, and industrial espionage are growth industries. Stealing data from mobile devices is no longer strictly a crime of opportunity, but rather it is evolving into an industry that systematically seeks and exploits high value targets. Although lost and stolen devices get most of the headlines, two of the greatest threats for business travelers come from the use of unsecured wireless networks in public places, and through Bluetooth connections.
Connecting through unsecured wireless networks makes it easy for data thieves to engage in a “man in the middle” attack in which they surreptitiously capture entire unencrypted packet streams. The Bluetooth threat comes from unintended Bluetooth pairing, where a smartphone, laptop, or tablet allows an anonymous device to establish a connection without the case-by-case acceptance of the device’s owner. Both of these things can happen so stealthily and so quickly that a typical user would never notice the symptoms or even suspect that there was anything amiss.
So how should you protect your executives against these kinds of attacks? Follow these rules:
- Implement end-to-end data encryption.
- Implement rigorous tokenized user authentication that prevents anyone without proper credentials from accessing the device.
- Enforce these and all other mobile security policies for all devices, and all users. No exceptions!
An Enterprise grade Device and Security Management platform, such as Afaria, simplifies the task of configuring new mobile devices for safe business mobility, even for those enthusiastic Execs.
Please follow me on Twitter @ithain