Mobile devices such as smartphones are ubiquitous in today’s business environment. These devices provide for a dramatic increase in productivity, however they can be a nightmare for security professionals.
You might wonder why this is the case. I mean, don’t we have anti-virus software, location tracking services, and applications that can wipe the data off of the mobile device once it has been discovered lost? The answer to that question is yes, of course. However, despite all of the technological safeguards that exist to secure mobile devices, they remain a security risk. This is because the technological safeguards that exist for mobile devices secure the devices and not the people that use them.
Let me provide an example. I was at the airport recently waiting on a flight. As usual, I had my laptop open and was working on reducing my inbox. Seated next to me, was a man about my age (37) who was speaking rather loudly on his smartphone. I could only assume that he was speaking so loudly to compensate for the background noise that is always present in an airport terminal.
While the volume of his speech may have been necessary for the other party to understand him, it also allowed me to hear every word of his conversation. So what did he say? Well, without going into too much detail, he was apparently speaking to someone at his home office and allowing them to order something for him. As a part of that process, he needed to provide that person with payment information. So he pulled out his walled and proceeded to read off (in that same clear, loud voice) the number from his credit card, the expiration date, and even the CVV number off the back!
As I sat next to him, laptop open and hearing every word he said, I could only think that if I had lesser morals I could be going on one heck of a shopping spree. So how do we fix this? Well, it all comes down to getting the users of mobile devices to become mindful of their environments.
Users have to know that when they are out in a public place, that they don’t have a reasonable expectation for privacy. Furthermore these places are filled with shoulder surfers that will scan your text messages or people that will eavesdrop on your conversations hoping to gain sensitive information. Technology can’t fix these problems. Training can to some extent, but it really takes a commitment on the part of the users to be aware of their surroundings and to act appropriately.
I am currently researching the causes for mindless behavior with mobile devices and the best ways to address the threat to security associated with their use. I will share my findings with you in future posts. Until then, when it comes to being secure on mobile devices, it’s up to you!