Smartphone adoption skyrocketed in 2010. According to Visiongain, Android sales leapt 886 percent this year, fast overtaking the popular game-changing iPhone. When workers head home for the holidays, they'll be taking these new smartphones with them. According to a survey on holiday habits conducted by Symantec, a whopping 90 percent expect to use smartphones to engage in at least some business activity. Let's look at their anticipated holiday uses, the associated risks, and what can be done to neutralize them.

Mixing business with pleasure

When Symantec decided to survey users about holiday plans, they expected to find activities like online shopping. "Results were mostly consistent with our expectations," said Khoi Nguyen, director of product management for Symantec's Mobile Security Group. "But we were surprised by the amount of work use during the holidays."

Eighty-three percent of respondents planned to use smartphones for a mix of business and personal activities. But, although 63 percent were aware of smartphone security solutions, just 23 percent reported using them. Sadly, half agreed with the statement: "Smartphone security software is beneficial, but not essential." This shows a gap between risk awareness and mitigation. "People haven't yet been directly impacted [by mobile threats] and think they aren't exposed," said Nguyen. "They don't fully understand that smartphones are endpoints that must be protected, like PCs."

Businesses should take note of this attitude – and not just during the holidays. Given the consumerization of IT, employee-owned smartphones are undeniably now used for business. But employers cannot rely upon users to secure their own devices. At minimum, companies must establish policies regarding authorized smartphone use and mandatory security measures.

Missing smartphones

A solid 68 percent of those surveyed cited loss or theft as their top smartphone concern. This finding parallels what many employers already know: Phones are far more likely than laptops to be left in cabs or on bar stools, or to mysteriously disappear from pockets. However, just 56 percent of users said the data stored on their phone was more valuable than the device itself. Employers should find this alarming, given the high cost (direct and indirect) associated with data breaches. Companies must inventory smartphones used for business and establish mechanisms for remotely wiping data stored on lost or stolen devices. If nothing else, start with voluntary employee registration supported by consumer find/wipe services like MobileMe.

Email from unknown senders

Among users surveyed, work-related email tied with personal phone calls for most frequent smartphone use over the holiday. Alas, 64 percent said they were at least somewhat likely to open email messages from unknown senders – 14 percent very likely. These numbers combine to produce a high risk of being compromised by targeted phishing email on smartphones. Specifically, workers who check corporate email on a laptop or desktop are more likely to use an IT-configured email client like Outlook, or at least Outlook Web Access, reaching a mailbox already filtered for spam and phishing messages. While many smartphones support Exchange ActiveSync, employers can be reluctant to grant corporate mailbox access to employee-purchased consumer-grade phones. This can result in users forwarding work email to personal accounts, delivered directly to phones, without being scrubbed for spam and phishing. Companies should give serious consideration to this back door and take steps to provide safe mobile email access from employee-liable smartphones – such as mail clients that interface with corporate email using "secure sandboxes."

Careless web surfing

Another popular smartphone activity will be surfing the web (68 percent). But surprisingly, just 20 percent of those surveyed planned to use their phones directly for online purchases. Nonetheless, many will probably still use smartphones to support their holiday shopping activities. "Online shopping was lower than we expected," said Nguyen. "This shows slow adoption of financial transactions on mobile devices, which is partly due to security concerns. But smartphones are providing a richer browsing experience which enables real-time [point of sale] access to product specs, price comparisons, and reviews, empowering consumers to have a more effective purchasing experience." For users who do conduct sensitive web transactions – including logging into e-tailer or payment accounts from smartphone apps – secure communications are a must. Employers may want to educate workers about identity theft techniques like sidejacking (e.g., Firesheep) and enable secure communication for both personal and business traffic – such as non-split VPN tunneling from smartphones.

Mobile file/app access

Among less popular smartphone activities this holiday season, 17 percent of users said they would view or modify work-related documents and 13 percent expected to use work-related apps. Activities like these demonstrate how powerful smartphones have become – which further underscores the importance of preventing unauthorized smartphone use. Fortunately, users have started to heed this message. Among those surveyed by Symantec, 81 percent were not only aware of smartphone lock features, but had actually configured a password to lock their own phone. This is definitely a step in the right direction. But employers may want to go further by enforcing passcode policies on smartphones. This can be done on all new smartphones by using Exchange ActiveSync, native Mobile Device Management commands, or a third-party security solution like Symantec's.

Carrying confidential data

In fact, a whopping 62 percent of users expected holiday season smartphone activities to involve sensitive or confidential work information. As previously noted, only about 1 in 4 users said they had installed security software on their smartphone or believed that software to be essential. Hopefully, some are still protecting confidential data using native device encryption on newer iPhones and iPads. But given the rise of Android and lack of device-level encryption there, it stands to reason that many smartphones are now carrying around unencrypted confidential data. This trend should concern employers and prompt near-term action to control the flow of confidential data to/from smartphones and enforce safe storage – at minimum, by denying access to phones that lack encryption.
