Smartphones, what are the risks?

The European Network and Information Security Agency advise CIOs on the benefits and pitfalls of smartphones at work

Some 80 million smartphones were sold worldwide in the third quarter of 2010, accounting for 20 per cent of total mobile phone sales, according to a report from the European Network and Information Security Agency (ENISA).

The report, entitled Smartphones: Information security risks, opportunities and recommendations for users, also provided details of privacy problems CIOs should be aware of when issuing smartphones at work.

The core risks are as follows:

• Data leakage resulting from device loss or theft

• The unintentional disclosure of data

• Attacks on decommissioned smartphones

• Phishing attacks

• Spyware attacks

• Attacks made through rogue networks

• Surveillance attacks

• Attacks using malware to make use of premium SMS or numbers

• Malware attacks to obtain financial details

• Network congestion

By highlighting these, ENISA has provided some recommendations that should be taken on board in order to prevent security breaches.

When employees decommission or recycle their handset they should have to apply a thorough decommissioning procedure, including a memory wipe process.

Further to this, a company should define and enforce an an app whitelist.

Employees should also use encryptions for the smartphone memory and removable data.

For high officials, ENISA recommends not storing sensitive data locally and only allowing online access to sensitive data from a smartphone using a non-caching app. Also, periodically wiping and reloading should be considered, using a specially prepared and tested disk image.