Cyber crime on the increase

The dark and dangerous world of virtual or cyber crime is gaining momentum. Criminals no longer unleash digital mayhem from the shadows of some desolate room, behind a desktop or laptop. Today, the world’s networks and information systems fall prey to the mobile professional criminal – one who knows exactly how to leverage off wireless infrastructure and devices.

Convenience, instant connectivity and information at our fingertips are just some of the reasons for the growth in mobile and wireless technology. The result is a plethora of affordable, multi-functional mobile solutions available to the consumer. This in itself is not necessarily a bad thing.

However, we often forget that this same technology, developed to assist an ‘always-connected’ generation of digital lifestyle enthusiasts, is also abused by criminals.

Little or no control

The modern workplace continues to face the threat of attacks and many of these take place via mobile infrastructure. Companies have little or no control over when or how an employee downloads information onto personal storage devices, or if and when this information is re-introduced into the network. More often than not the data contains a virus or trojan horse and immediately infects the corporate network.

Memory sticks and USB flash drives are useful to store, transport and re-access information. However, they can be used – either intentionally or otherwise – to disrupt systems by downloading off a file server and then reintroducing corrupt information. Then there is every possibility of devices like MP3 players, digital cameras and mobile phones being brought into the mix.

iPod slurping is another means of illegal information gathering and manipulation. The iPod is an external storage device used to store digital music files. With the right software, available off the Internet, this otherwise harmless device can be instantly transformed into a portable hard drive to extract sensitive or classified information from the company.

3G devices are also used to bypass gateway parameters and compromise the network. Access is gained via a 3G card and the user is left to browse the Internet and introduce an array of threats.

Social engineering

Theft of personal or corporate data remains the single most significant motivation for online criminals. Attacks are more prevalent and have contributed towards the emergence of a new breed of law breaking – social engineering.

This is based on the manipulation of information in order to intentionally blur the lines between the physical reality and digital realm. By doing so the perpetrator gains direct access to the lives of their victims and can thereby control the situation.

If left to their own devices, anyone who connects mobile devices to the network without the knowledge and consent of management should be considered a threat. Any organisation or company that has no policy-based rules in place renders its network vulnerable, especially from the inside.

The use of mobile solutions like laptops must be regulated. At the very minimum, these products have to incorporate personal firewalls, encryption and intrusion prevention.

In terms of email, encryption is established and in use, but its success is reliant on the other party having installed the key as well. That is why content filtering has emerged as a popular alternative.

Security best practices

There are security best practices that can be incorporated into an organisation or company to help reinforce protection and the status of data. Aspects such as endpoint compliance, anti-virus, firewalls and vulnerability assessment and management certainly help.

These should be considered and incorporated in accordance with the core focus of the organisation or business.

About Clint Carrick

Clint Carrick is CEO of Carrick Holdings (www.carrick.co.za), a local provider of IT system security, solutions and services.
