SaRB for SMO's blog pages contain between 3000-4500 words, as a non-subscribers you only have access to 800-1000 words.

(Reading time: 10 - 20 minutes)
You have already read 0%

Mobile Device Security for SMOs

Hot

Mobile device security

The first group of mobile devices appeared in the mid-nineties and provided personal organisation applications. These were called PDA’s (short for Personal Digital Assistant), they were a digital version of the Filofax, or diary. There were several of these around until they just fizzled out as an alternative to paper-based diaries or organisers.

This is an edited transcript from a video blog recording of Sarb Sembhi, CTO and the CISO for Virtually Informed, and his co-host Nick Ioannou, Director of Boolean Logic.

Introduction

When mobile phones took off, Microsoft created a mobile version of Windows to run on a mobile phone. This offered users an opportunity to connect to Wi-Fi, download apps, receive email, read documents, amongst other things.

"Most Organisations were not ready to deal with opening up their networks to personal devices, but it happened nonetheless."

However, things were still not that interesting for Organisations to consider using mobile devices in large numbers, this changed quickly when devices like the Blackberry, iPod, iPhone and iPad and Samsung devices were introduced, because these new breeds of devices created for “Bring Your Own Device (BYOD) into Organisations. Most Organisations were not ready to deal with opening up their networks to personal devices, but it happened nonetheless.

The transition from dumb devices and smart devices brought with it two dominant operating systems (OS) which obscured the others to an early retirement. These two operating systems very early had realised that to win over users, they had to make the OS as open as possible to application developers, as the more apps that are available would attract more users.

This opening up of the OS was not just the OS, but essentially opening up of user data, in the contact list, in the accounts users created, what apps they downloaded, and so many other things, which some big tech took full advantage of. Privacy was the casualty of this OS war to win over customers through applications on the platform.

Security in the OS and the Apps was not even an afterthought, as the OS platform owners themselves collected vast amounts of data without permission. Although, some of this has changed due to legislation (and a belated realisation that taking our data was wrong!) now the OS platform owners seem to be promoting more effective security and privacy.

Over the period of this quick overview, what has happened is that mobile devices can now represent individuals, as they can be used to access all the services that they subscribe to, pay for things in shops, transfer money to other people and accounts, reset our services via email or messaging, verify who we are (our identity) use electronic tickets to travel on trains and planes, control who gets into their home while they may be on the other side of the world, see who is going in and out of their home, control heating and lighting and energy in their home, etc.etc.The list is endless.

Our mobile devices are a representation of us, the more we use them for all the services that are available for them. So, the more applications and services we subscribe to on our mobile devices the more it is capable of becoming us in our absence. Is this risky for Small Organisations?

Attacks to mobile devices 

Attacks to mobile devices have existed for many years, and since they first started to use of the devices for so many other functions, services, etc. has made them even more valuable as attack targets - not less.

This is only likely to increase not decrease, given that we already use them to do the following:

  • Store personal data that is not stored anywhere else
  • Store password lists 

    This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.

     

     

Follow-on Information

Follow-on activities for you:

  • Share the content you found useful on social media, using the above links
  • Review our FAQ's.
  • Let us know what you would like to see included in future FAQ's
  • Participate in our polls and see what other businesses like yours think.
  • Review our "'Let Us Show You How" articles.
  • Subscribe to our newsletter(s).
  • Join us on a Webinar.

About the Authors

Sarb Sembhi

Sarb Sembhi, Virtually InformedSarb is the Chief Technology Officer and Chief Information Security Officer for Virtually Informed. 

He writes and speaks about:

  • Strategic issues in Smart Environments and related technologies;
  • Digital Safety Skills for anyone not working in Cyber Security, and; 
  • Business / security challenges for small businesses and start-ups.
Nick Ioannou

Nick is Director of Boolean Logic Limited, a blogger, an author and public speaker.

Nick has authored:

  • 'Internet Security Fundamentals',
  • 'A Practical Guide to Cyber Security for Small Businesses' and
  • 'A Practical Guide to GDPR for Small Businesses',
  • as well as contributing to three 'Managing Cybersecurity Risk' books and 'Conquer The Web'.