Many cyber criminals have recently turned their attention away from corporate networks and towards more vulnerable smartphones and tablets. Smartphones and tablets frequently hold client information such as phone numbers, mailing addresses, email addresses, confidential documents, and past emails exchanged. This information itself is prized by cyber criminals but can also assist into breaking into corporate networks. Spy software can also be implanted onto these devices, which will allow hackers to program them to send confidential information back to hacker control websites.
“Bring your own device” (BYOD) corporate policies have resulted in personally owned smartphones and tablets being connected to corporate networks. These policies have resulted in a number of vulnerabilities that resulted in the unintended release of confidential information. Blackberries have always had strong enterprise-level security features. However, their use has diminished as they are being replaced by iPhones, iPads and Androids, which are not as secure. Androids have been especially susceptible.
In addition, the lower tech incidents of lost or stolen smartphones result in many data breaches.
The following risk management techniques can be implemented:
Encrypt Data — Most android phones don’t have native data encryption and as a result third-party applications must be relied upon.
Improve Password Strength — Many mobile devices do not activate password protection features or they are too weak.
Use Remote Wipe Capabilities — Most smart phones have the capability to wipe the data clean in the event of disappearance of theft.
Use Network Intrusion Software — Logs should be regularly checked to detect unauthorized intrusions.
In addition to the implementation of risk management techniques, Cyber Liability insurance should be purchased. The cost for cyber liability insurance is expected to rapidly decrease for smaller businesses as Cyber Liability endorsements may be added to Business Owners Policies at greatly reduced rates.
Source: The Spy Who Robbed Me, Insurance Journal, October 8, 2012