Information security watch – Corporate networks and Apple
Forrester has predicted that by 2016, more than 200 million workers will be connecting to their corporate networks using their own mobile devices. However, IT and security managers have grave concerns at the prospect of personal devices introducing malware and viruses onto enterprise networks.
Smartphones continue to grow in popularity and are now as powerful and functional as many computers. Hence, organisations globally have started to adopt a BYOD (Bring Your Own Device) strategy to leverage the use of technology and increase productivity of employees whilst standardising around a set of secure devices.
Sri Lankan organisations too have started to adopt a BYOD strategy and in some cases have standardised the roll-out on iOS platforms. The security scare, dealing with Android malware, isn’t the only reason why CIOs have adopted iPhones as BYOD equipment. A new system from HID Global brings biometric security to the iPhone and features a built-in identification technology from Microlatch and Apple-owned AuthenTec. This further enhances the user identification and authentication prior to granting access to corporate data from the iPhone.
Apple’s iOS is inherently more secure due to the availability of security updates and App Store is curated. Modifying the smartphone’s security settings to install an application which is not available in the App Store is a convenience for many users. Tampering with the phone’s factory settings, jailbreaking, or rooting the phone undermines the built-in security features while making it more susceptible to cyber-attacks. The phone’s operating system software should be kept up-to-date by enabling automatic updates or accepting updates when prompted. This will help reduce the risk of exposure to cyber threats. Accessing a Wi-Fi network that is open to the public can also make the phone an easy target of cybercriminals. Hence, the use of public hotspots should be limited and instead use protected Wi-Fi from a trusted network operator or mobile wireless connection to reduce the risk of exposure, especially when accessing corporate, personal or sensitive information.
Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.
(The writer is a Governance, Risk and Compliance professional. He can be emailed at
sujit@layers-7.com
Follow @timesonlinelk
comments powered by Disqus