Just days after Google’s February 2 launch of its Bouncer service to automatically remove harmful mobile apps from its Android Market, security watchdogs at the independent firm, Android Police, found fake versions of Jetpack Joyride, Madden NFL 12, Batman Arkham City Lockdown, Angry Chicken and nearly a dozen other apps. These apps contained malware to steal user’s personal information or make a mobile device function as part of a botnet. Symantec has also identified new malware that is calls Android.Opfake that is promoted as free version of Android software. The software downloads a Trojan app that surreptitiously sends SMS texts to premium-rate numbers, until the smartphone owner’s account balance is exhausted.
News of continuing malware problems for Android mobile devices reinforces the need for organizations to secure their devices and closely monitor mobile expenses. It is impossible to ignore employees’ demands to bring their mobile devices to work (BYOD), but is also impossible to ignore risks to security and runaway expenses from a completely hands-off approach to mobility.
Employers also have responsibility to shareholders and customers to ensure that sensitive data is secure. Healthcare workers are subject to HIPPA privacy laws requiring that device security plans protect patient information. European privacy laws and U.S. states require special protocols to secure call records and other personal information. Merchants that accept credit cards on mobile devices must comply with the PCI security standards. The banking sector must protect loan and other private credit information.
Managers of TEM programs and MMS need to recognize that BYOD programs carry other hidden costs.
- Employers may unwittingly pay for mobile expenses when managers approve expense reports for employees’ mobile charges and analysts process these smaller charges in a piecemeal fashion shifting items into new budget categories that are not associated with the telecom budget.
- Employees are unable to negotiate volume discounts, waivers for equipment replacement charges and free mobile devices.
- Individuals buy a fixed bucket of minutes and data each month that are subject to overage charges from spikes in usage and unused minutes, and they are unable to benefit from corporate pooling of individuals’ service plans that provide a lower net cost.
- Security breaches and identity theft can hurt organizations’ bottom line.
Organizations need to create profiles to identify employees that have sensitive data and intellectual property. Few workers fit a profile where their communications do not contain something that needs to be secured. In those rare cases, a hands-off approach will work, but even these workers present risks if hackers are able to exploit their devices as entry points to mine more sensitive data on the network. Employers need to develop policies and utilize TEM software to reduce risks from security threats and runaway expenses.
