Smartphones, pocket PCs, and similar devices offer the freedom to communicate and access important information anytime, anywhere. At the same time, the ubiquity of these devices has profound security implications for small and midsized businesses. A lost smartphone, or one that connects to a rogue network rather than a legitimate one, can open SMBs to all sorts of risks. In fact, recent editions of the Symantec Internet Security Threat Report reveal that spam and phishing attacks are increasingly being propagated through mobile devices, and Symantec security experts now see smartphones as the next target for hackers.
There is no question that smartphones are quickly becoming the next major computing platform. A recent study by Gartner Research shows that smartphones outshipped laptops in 2007, and analysts predict that one billion mobile devices will hit the market by end of 2011. And as these smart devices increasingly feature expanded bandwidth and functionality, users are beginning to use them more like a PC than a phone. Essentially, smartphones are now being used the same way as computers and are accessing the same information. In a U.S. survey of smartphone users conducted by Applied Research, 34% of respondents said they access their bank accounts via their mobile device and 54% of respondents said they access Web sites that require a password.
As more workers transact using their mobile devices, attackers have adopted stealthier techniques to take advantage of the still widely unprotected mobile environment. Yet, few smartphone users are aware of the security risks. A recent study by the National Cyber Security Alliance and Cisco based on interviews with 700 mobile workers in the United States, United Kingdom, Germany, China, India, South Korea, and Singapore reveals that 73% of mobile workers aren't always educated about security threats and best practices when working on the go, and nearly 30% of them admitted that they "hardly ever" consider security risks and proper behavior.
While the aim of attacks targeting mobile devices are similar to those targeting PCs – to obtain confidential information for financial gain – the propagation methods of smartphone attacks are specific to the mobile platform. One type of attack involves using SMS (text) messages. Since users of mobile devices typically perceive text messages as being more personal than email messages, they are more likely to trust them and act on them. Other threats, such as snoopware, specifically leverage mobile device functionality, for example by using the phone's camera to spy on the user, by disabling applications, or sending text messages from the phone without the user's knowledge. Other types of attacks Symantec has observed include viruses spread with Bluetooth transfers, game downloads, and updates to the phone's system, ring tones, or alerts. The latest and most sophisticated threats are known as "Pranking4Profit," where the attack results in theft by accessing premium mobile SMS payments.
Mobile devices are playing an increasingly vital role inside SMBs; at the same time, these devices have become the new vulnerability, and unfortunately too few organizations are employing sufficient measures to protect them. Compromised, or lost, smartphones place a company's confidential data at risk. In addition, by breaching mobile devices, attackers can destabilize an organization's IT operations and, ultimately, the business.
Since mobile devices typically store a vast amount of sensitive and confidential information, SMBs should secure smartphones the same way they protect laptops and desktops. Symantec Mobile Security Suite for Windows Mobile
combines mobile security and data protection in a comprehensive security suite and allows smartphones to receive the same security technologies that protect other endpoints such as desktops and laptops. It provides protection against malicious threats and unauthorized access to sensitive information by utilizing antivirus technology, an advanced firewall, password enforcement, phone feature control, and encryption technology, while ensuring both the protection of mobile assets and compliance with regulatory requirements. When used with the Symantec Mobile VPN
, the Symantec Mobile Security Suite also helps ensure that only secure, policy-compliant mobile devices are able to access the corporate network via the VPN.
As the technical capabilities of smartphones catch up to PCs at a rapid rate, more and more workers are using these devices to store company data and access work email, contacts, and calendars. But if left unprotected, these devices can present serious security risks. Symantec Mobile Security Suite for Windows Mobile helps SMBs secure mobile devices the same way they secure laptops and desktops by providing protection against malicious threats and unauthorized access to sensitive information.