Mobile Devices Pose Growing Threat to SMB Security

The Mobilisafe survey indicated SMBs do not feel they have adequate tools to determine mobile risks or respond to them.

Small businesses are finding themselves at risk because of the proliferation of mobile devices used in the workplace, Mobilisafe, a Seattle-based mobile security company, found based on interim results of its small and midsized business-focused (SMB-focused) beta study. As part of the beta, SMB participants evaluated a product that provides visibility to all mobile devices accessing their company€™s network.

Over the course of 3 months, Mobilisafe mapped more than 38 million employee mobile device connections that provided key data for their analysis and interim results. The majority of SMB€™s are highly mobilized, driven by the bring-your-own-device (BYOD) trend of recent years, but SMB IT managers significantly underestimate the number and kinds of mobile devices connecting to their network.

In addition, SMB IT departments lack solutions to map their corporate standard for information security used with laptops, desktops and servers to mobile devices. For example, they have tremendous difficulty determining if mobile devices are up-to-date with the latest firmware. Even though there are serious concerns about data risk on mobile devices, the survey indicated SMBs do not feel they have adequate tools to determine those risks and respond to them.

This lack of visibility to mobile devices and their usage can have serious consequences, especially when employee-owned devices are lost, stolen or resold to others outside the company, the report noted. On average, 80 percent of the employees are already using smartphones and tablets, and a new device model was introduced to a company for every 6.6 employees, the survey found. The survey also found 56 percent of iOS devices were running out-of-date firmware and 39 percent of total authenticated devices were inactive for more than 30 days, prompting concerns and conversations with employees about lost, sold or otherwise misplaced devices with employee credentials and sensitive corporate data.

€œWe know that SMB IT departments are severely resource constrained, and do not have the time to get ahead of the issues introduced by an increasing diversity of devices brought to work by employees,€ said Giri Sreenivas, CEO of Mobilisafe. €œThis study confirms the severity of the issues, and the need for a solution that makes it simple to see, assess and respond to these risks.€

The accelerating adoption of smart devices and growing number of available products is creating a large reseller market for replaced devices. For example, Motorola recently announced that approximately 100 out of a batch of 6,200 Xoom WiFi tablets that were refurbished by Motorola Mobility may not have been completely cleared of the original owner€™s data, including passwords, prior to resale. Half of mobile devices sold on eBay still contain personal information on them, according to an informal survey by mobile and forensics specialist Disklabs.