According to Trend Micro, there were three million cases of Android malware in 2014. With the vast number of Android smartphones, wearables, and smart devices invading enterprises on a daily basis, these devices are fast becoming the CSO’s new security headache.
In his recent article CSO’s David Geer examines the vulnerabilities, threats, and proactive enterprise security measures necessary to combat this new threat:
Bluetooth-connected smart devices such as smart watches and health monitoring bracelets are new endpoints that the enterprise is not monitoring, says Domingo Guerra, co-founder, Appthority. The enterprise is not protecting these devices behind corporate firewalls or defending against data leakage through them.
“We’re going to have to start looking into watches and other wearables as they come into the enterprise because they represent another interface for the user to access data. We don’t know who or what else can access that data from that device,” says Guerra. Whether a smart device containing email and other data is lost or stolen or is engaged by an attacker via software, this is one more place sensitive data is found, adding more of a footprint for hackers to attack to gain a foothold, eventually into corporate data stores.
Trend Micro’s Communications Manager, Christopher Budd, suggests following least privilege by using policies and enforcement tools that limit employee capabilities and access to what is necessary to fulfill their role. Make it impossible to use personal email to send or receive any corporate data. “Block access to Gmail. Does anyone in your business have any business reason to access Gmail? If not, shut it down. Then they can’t email a customer list to themselves,” says Budd; “lock down the configurations so that people can’t get themselves into trouble. If I can’t sync my Fitbit to my work machine then I can’t introduce that as an operational vulnerability,” says Budd.
For more information regarding smart devices, wearables and malware, read the full CSO Online article.
APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.