How you can handle iPhone security in your business

Businesses must ensure their workers using iPhones connect to the company’s IT security network and do not install unofficial software that could introduce malware into the system, one expert has warned.

The comments come after chief executive of the Australian Crime Commission, John Lawler, told an Australian Institute of Criminology conference that the iPhone has now become a threat to corporate security.

Michael Sentonas, local director for sales engineering and services at McAfee, says IT departments can face some problems that are often generic across all smartphone platforms, but there are also many iPhone-specific cases.

“Where people run into problems, is where they jailbreak these devices. When applications are then installed, you can’t trust them and you could get some malware spreading. If an IT manager is managing a network, and someone has a jailbroken iPhone, he’ll never know.”

Jailbreaking is a term used to define a process whereby an iPhone user installs an unofficial operating system on the device. While the phone’s software may look the same, a jailbroken phone actually allows users to installs apps not approved by Apple.

Sentonas says this can happen on corporate networks. But he says some of these unofficial apps can harbour malware and other security flaws that could spread over networks if they are not contained properly.

“The theory behind the application store is that everything you install on the device is secure and free from problems. But if you use a jailbroken app, you have no idea if that is true or not. You need to worry about those applications going onto your devices.”

Other issues, he warns, are more general. He says no matter what smartphones your employees might be using, they need to be monitored.

“There are plenty of data leaks that can happen. People can have their email forwarded to their Gmail or whatever on their smartphone, and they can access and download it there. They can move files and do all their computing on a mobile device.”

“There is completely sensitive information on devices, and nothing stops those users from just not securing that information correctly. That can happen on any device, not just an iPhone.”

The answer, Sentonas says, is that businesses need to work with their IT departments to start setting up security networks that can monitor all devices on the network – especially iPhones. He says if a device is lost, it’s easier to account for it if that device is listed on an official network.

“They need to say to their employers that no matter what device they have, whether it be an iPhone, an iPad, or whatever, they need to connect it to the network and do it properly. They also need to have the ability to support those devices on a network.”

“Once you do that, you can control it. There are software products you can use that allow you to locate missing devices, and so on. Once you account for these devices on software like that, you can control them.”

Lawler told the AIC conference yesterday that due to the rise of smartphones like the iPhone, there is an, ”overwhelming desire for instant services [was coming] at the expense of security and safety”.

He also warned criminals are now using cyber-attacks to steal data, and that due to the rise of popular internet-based clients such as Gmail and Hotmail, the number of attacks is sure to rise.

COMMENTS