Importance of Smartphone Security in Business Environment

Importance of Smartphone Security in Business Environment1.0 IntroductionThe purpose of this document is to expose a communication channel problem from a technical viewpoint. The subject work of the handicraft problem I pee selected is smartphone credential. This subject give be analysed and critically evaluated, then spread out upon further to reflect the range of possible solutions and raise consciousness of the risk and bring of smartphone host era.1.1 Aims and objectivesAimsCreate an authoritative document with recommendations to raise sureness and inform seames for the train of greater fluid guarantor within the business environment.Use insight to establish a research gap.Main objectivesAssess smart mobile devices presently mathematical functiond.Analyse credentials advant come alongs and disadvantages of smart mobile devices.Establish what risks smart mobile devices ar exposed to.Evaluate impact of risk exposed by unsecure mobile devices to businesses.Examin e mobile certification currently available.Investigate responsibilityEvaluate current business policies and procedures for mobile devices and how these potbelly be enforced.Construct smartphone warranter die hard with recommendations for businesses.1.2 Problem statementThe problem is teaching and financial loss delinquent to development stealth or inaccessibility from malicious software, and the detrimental impact this has upon the business.A re centime brood from Gartner (reference report) indicates that sales of smartphones sop up grown exponentially and businesses are reaping the benefits gained from smartphones, however their use also creates trade protection risks and opportunities for cybercriminals.There are many types of information that whoremaster be stored on smartphones for example, ad hominemisedly identifiable information in the form of identity credentials, email, SMS and MMS messages, GPS coordinates, passwords, company documents and connectivity acces s information to company servers as on the scarceton some of the examples.Information shelter has gained significant value within the business domain everyplace the past decade however this value remains inbred (why subjective? And value pertaining to what?). Users sport been made awake of the risks posed by malicious software whilst development their person-to-person computer on the internet, now assistive technology like smart mobile devices are becoming increasingly much powerful, functional and ubiquitous.Where personal computers puddle at least some security software in place as modular, smartphones comm unless have no security software installed as a standard and are susceptible to (Malware, Viruses, trojans,etc-examples revel )) the exact same threats as to personal computers.Businesses, professionals and personal users now have a greater informedness for the need of personal computer security. This has been provided by media coverage, endeavor training or thr ough personal experience. When development a personal computer or laptop for example, it is common to find a firewall and anticomputer virus software installed demo that internet safety has now become a societal normalcy.Smartphones are more powerful than supercomputers were a few years ago, and we are putting them in the hands of muckle whove never had anything like it before. Google CEO Eric SchmidtAs Schmidt states smartphones are pervasive devices, workers typically need training on these devices as they are multifunctional and unless people are sure of the threats these devices pose the consequences can be detrimental on the business.Todays organisations rely heavily upon information technology in order to allow their business to function (Khosrowpour, 2001). This is fundamentally due to how intricate information technology systems are embedded into organisations.Smartphones provide businesses with many late opportunities (sweeping statement-what opportunities and is thi s your opinion/referencing?) however these opportunities provided by smartphones last not just for business and personal users as the opportunity exdecadeds to cybercriminals too.Malware is one of the approximately common sources of security failures within businesses currently (sweeping statement-most common according to who?), they have the same capabilities as personal computers and are use within business environments in the same manner, however they are typically unsecure and rely solely upon the standard out-of-the-box security features with no antivirus or firewall present.There are many different mobile operating systems for smart mobile devices requiring different security applications. The operating systems and the risks associated lead be carefully analysed.The intentions of this motif are to investigate what impacts smart mobile devices can have on businesses, why these problems guess the organisation, and how they are overcome.Finally, insight provide be gathered and recommendations made so that businesses can use to foresee and prevent future unnecessary costs and risk.2.0 Literature suss outThe focus of the subject proposed for this project is a very real-world business and information technology problem. Smartphone security is a recognisable potential problem for two individuals and businesses as most smartphone users including businesses and educational establishments do not have any specific policies in place to safeguard from smartphone security related issues.Because smartphone security is still in its infancy, it forget be a challenge to source accurate and relevant information from authoritative sources such as Emerald without resorting to web found research. However, the more this project advances smartphone security in the media is becoming omnipresent.For the project a accompany go out be proposed in order to gain knowledge for understanding how alert users are for the need of smartphone security. This survey result targe t as many participants as possible in order to gather appropriate primary evidence. Interviews will be conducted with professionals in the field of smartphones and security such as police personnel, security advisors and mobile phone shop staff to ascertain levels of security training, public security literature and knowledge. positive information sources will be utilise to gain technical information groomly from manufactures, websites and retail outlets such as Apple, Android, Research In Motion, Nokia and Microsoft for documentation on smartphones and smartphone platforms. Only technical information will be employ from these sources as it is in manufacturers interests to sell their productsAnalysis of the survey will be done using statistical digest tools including IBMs SPSS, SPSS Text Analysis software and more modern statistical analysis web-based techniques such as MarketSight. MarketSight is a hosted research data reportage environment accessible by the internet and only a vailable through the internet browser Microsoft explorer whereas SPSS is software directly installed onto a computer.Malware the new good risk the paper written by Verine Etsebeth in 2007 has invaluable source material for this project. Acquired from Emerald Insight, it is very suitable to this project as it highlights the threat of malware and risks posed to businesses. It is rise up written and authoritative however Emerald specified it was unique as no such document has been print previously.The bulk of sources used by Etsebeth are from Harley, D Slade, R and Gattiker, U. Etsebeth references Viruses Revealed (McGraw-Hill, New York, NY 2001) This source is recognised and trusted within the industry as a whole and is considered to be authoritative and intimately-documented on its own merit. This paper focuses on the legal and professional implications of malware on companies in South Africa Etsebeths home town.This paper is very suitable for this project as it is a very advant ageously written and authoritative document, the bulk of sources used by Etsebeth are from Harley, D., Slade, R. and Gattiker, U. (2001) Viruses Revealed, McGraw-Hill, New York, NY. The source used by Etsebeth Viruses Revealed as a well-documented authoritative document published by McGraw-Hill, a recognized trusted source. Etsebeth is a senior lecturer in the Faculty of law specialising in the areas of law and information security.Although Etsebeths paper Malware the new legal risk is highly suitable in terms of soft information, it lacks suitable geographic law for the scope of my project. I will use the information provided by Etsebeth for Malware, as this information is not geographically bound, and analyse the legal implications after comparing them to UK law.Etsebth highlights that companies are reluctant to report cybercrimes as it has negative implications on the companys reputation this correlates to my hypothesis.Understanding the spreading patterns of mobile phone viruse s by Pu Wang, Marta Gonzalez, Cesar Hidalgo and Albert-laszlo Barabasi is a technical journal based on mobile phone virus modelling and the understanding of spreading patterns.The journal was published in 2009 and investigates various mobile platforms relating to my assignment however the document is a highly technical report based on the mathematics of virus spreading patterns, I find this report to be highly enlightening however due to the technical awareness of the target reader of my assignment I believe this report to be too technical and out of scope.Authoritative information directly from manufactures websites and retail outlets will be used including Apple, Android, Research In Motion, Nokia and Microsoft for documentation on smartphones and smartphone platforms as this will allow me to access accurate and current reliable information directly. unoriginal information sources will be avoided where possible such as blogs and review websites for direct smartphone technical info rmation as these types of resources may facilitate in providing faulty facts.Local mobile phone retail outlets such as Orange, Vodaphone, Phones4u, The Carphone Warehouse, O2 and T-Mobile will provide me with valuable information on device security awareness. I will enquire on staff security training and in-house company security literature currently available to public and business consumers as this will affect the comely smartphone users security awareness.After investigation smartphone security I established that some research in this area had been done already by Goode recognition a UK company based in London.Goode password is a company that provide strategic research and analysis that specialises in information security. Founded in 2007, Goode Intelligence has provided clients globally with statistical information from evidence accumulated from surveys in the field of information security. Goode Intelligence is viewed as an authoritative market leader of information securi ty consumer information.2.3 How this project fits in with the literature reviewI had chosen the subject then chosen the literature review method, hence tailoring the literature review to fit the requirements of the project.The Survey will allow me access information on how smartphone users actually use their device, how all-important(prenominal) they view the information stored on the device and users erudition of the need for security3.0 Research methods3.1 HypothesisBusinesses are not aware that they are at risk of information and financial loss or theft due to malware infections on smartphone devices.Information Technology consultants have recognised the gap in security for mobile devices, however it was soon realised that the physical security of the device was not the real issue, as the need for smartphone security awareness within businesses was a far greater concern. Experience establishes that the best form of security is the awareness for the need of security and why by the individuals who use the technology.Smartphone malware is not seen as of great importance to IT professionals, business managers or general consumers. A majority of smartphone users use their devices for both business and personal use and a large share of smartphone users will be using their personal smartphone for work related activities.The confidence is based that most individuals would know what information they deemed as confidential, more specifically, what information would they not like others to access to include such things as calendar, contacts, photos, emails and files.IT professionals should be the most aware group of smartphone malware risk, as their experience and technological awareness should allow them to be more technologically security aware.Antivirus used on personal computers is well known to hinder system performance and conflict with some applications and other software, The hypothesis is that antivirus products will consume more system resources then cur rent smartphones can afford to offer and require more power from the device ultimately reducing the onslaught life and impacting negatively on overall system performance, variant the device unusable by the average user.The perception of products such as the iPhone are viewed as secure out-of-the-box along with Blackberry smartphones as they are in general touted by mobile phone shop staff as business orientated secure devices.3.2 MethodologyThe project will be implemented using a triangulated, positivistic methodological approach. The particular technique chosen this will provide a balanced view of the subject area. It will incorporate both quantitative and qualitative primary research methods as reffered to by Bryman as multi-strategy research (Bryman, 2006). The scope of this project will mostly be Quantitative based research as indicted in Fig 1 below.Bryman advises that quantitative data can be gathered by steering of a survey and qualitative research collected from journal s and interviews.The Initial research will be conducted using primary research in the form of a cross-sectional survey questionnaire with unlikable questioning, interviews with professionals in the field of smartphone related security such as police personnel, security advisors and mobile phone shop staff will also be conducted to gain knowledge of their awareness of smartphone security and what advice they provide.The survey will be available to respondents in paper form where needed however the survey respondents targeted will mostly be from the internet so it is required that the survey be electronically hosted. The web-based survey distribution method selected is Survey rapscallion.The main motivations for selecting Survey Monkey are reputation, administration features, ease of access and user layout familiarity. The survey will be designed to be concise and simple to maximise the amount of respondents in order to gain quality information.The target survey population will repr esent business managers, IT professionals as well as individuals who use their smartphone for personal use to establish users who admit to using their smartphone for both business and personal as opposed to personal use only. This is suggested by Baxter as an important step in defining who should be included and excluded from participating in the survey (Baxter, L. Babbie, E, 2004).The users have been targeted as the project will establish not only the perception of smartphone security but also what smartphone policies and procedures are currently in place and how aware users are of these.Research indicates that an ideal resource for the proposed target users is through a general internet based technological social news website named Reddit. Reddit has a daily turnover of over 850.000 unique users (Alexa, 2010). consort to Alexa the average Redditors are male surrounded by the age of 18 to 44, are well educated and browses Reddit either from work or home, suggesting that the maj ority of Redditors are working professionals in the technology field.This suggest that the average Reddit user is technologically aware (Alexa, 2010), suggesting that Reddit would suit the proposed target survey participant.The proposed project will be delivered using an analytical in-depth research structure. This project structure has been selected as it will primarily be research based on the current business problem as previously stated.The intentions are to analyse the problem, understand how aware people are of the issue and propose possible solutions,One method of analysis proposed is the conceptual method, as described by Beaney as a way of breaking down or analysing concepts into their constituent parts in order to gain knowledge (Beaney 2003). I have interpreted this to mean the compartmentalisation and analysis of data.Critical and creative thinking skills such as Edward.De Bono six thinking hats will be used to examine the problem domain. A review will be given on how th e systems work and compare them to how they should work. I will then analyse the solution domain by examining which options are available to purify the system security along with optimal recommendation and the benefits this would provide.SPSS is a well-established statistical analysis application first released in 1968. Randomised questions, Marketsight. Survey design4.0 Results4.1 presentation and description of resultsWho took part?The survey was conducted to establish the awareness of information security and the need for smartphone security. Users were openly invited from technological backgrounds to partake in the survey and assured of anonymity.A total of 758 people responded to the online survey from a possible 854,998 potential participants (Fig. 2). The survey itself was open for one month during February and March 2011.The results indicated in Figure 2 that a majority share of survey participants, with 82 per cent being male and 18 per cent female confirms my survey targ et gender. When asked, both genders averaged at age 26 (Fig. 3) as denoted in Figure 3, again confirming my target survey demographic groups.When asked 53 per cent of respondents describe they had used their smartphone solely for personal use, opposed to 45 per cent of partakers that reported they used their smartphone for both business and personal use, with 2 per cent reporting to use a smartphone solely for business use only as shown in Fig. 4 combining a total of 47 per cent.25 per cent of respondents had only been using smartphones for the past six months, 17 per cent were aware they had been using them for at least a year and a majority percentage of 59 per cent had been using smartphones for more than one year seen in Figure 5.Only 12 per cent of respondents opted to use the hold as you go payment facilities as opposed to the greater majority of 88 per cent that have contracts shown in Figure 6 below.87 per cent of participants reported that they did not use any form of sma rtphone security software such as antivirus as opposed to 13 per cent that did as highlighted in Figure 7.SMARTPHONEIn answer to the question What type of smartphone do you currently use? 34 per cent of respondents said they used an Apple IPhone, 58 per cent reported to use Android smartphones, 13 per cent used Blackberries and 6 per cent of respondents had Symbian smartphones (Fig. 8).87 per cent of respondents had used calendar functions, 94 per cent of respondents used email, 86 per cent of used games, 87 per cent of respondents used GPS features, 74 per cent of respondents used instant messaging, 52 per cent of respondents used internet banking facilities, 66 per cent of respondents used multimedia messaging service (MMS), 94 per cent of respondents used the short messaging service (SMS) feature and 78 per cent (Fig. 9) of respondents admitted to using social networking sites on their smartphone.93 per cent of survey partakers used 3G for mobile data communication, 59 per cent o f respondents used Bluetooth technology, only 4 per cent of had used infrared line of sight technology, however 75 per cent of respondents admitted to connecting via universal serial bus (USB) and 94 per cent of participators had used wireless for mobile data communication shown in Figure 10. Total of 757 participators answered this question and 1 partaker chose to skip the question.From a total of 758 respondents, 63 per cent (476) valued the physical smartphone above the 37 per cent (282) whom valued the information more.Figure 12 shows 62 per cent of survey participants reported that they did not pay attention to licence agreements and permissions when installing applications on their smartphones 34 per cent reported they did read the licence agreements and permissions. 4 per cent of respondents believed that this question was not applicable to them for their smartphone use.The awareness for the need of personal computer security is apparent as 81 per cent of responders were awa re for the need of security software for personal computers as opposed to the 19 per cent who were not aware. 94 per cent participants have connected their smartphone to a personal computer (PC), 6 per cent stated they had not ever connected to a PC. All 758 respondents answered this question.Figure (XXX) shows that survey respondents considered smartphone security as beneficial but not subjective as the majority answer with 64 per cent , 21 per cent (159) didnt not consider there to be a need currently for smartphone security software as opposed to 15 per cent (114) whom considered smartphone security software as absolutely essential.95 per cent of respondents were aware of Adware, 27 per cent had known about Badware, 25 per cent of respondents were aware of Crimeware, 69 per cent had previous knowledge of Rootkits, Trojans 95 per cent,, Spyware 95 per cent, and Worm 90 per cent were the most commonly aware terms of malware from the malicious software list, the majority being Viru s with 97 per cent of respondents being aware of this type of malware. 731 respondents answered this question.96 per cent of respondents stated that they owned the smartphone, only 4 per cent of respondents had employer owned smartphones. All partakers responded to this question.Out of the 758 respondents, 15 per cent were aware of policies within their place of business, with the majority of respondents 41 per cent unaware of any workplace policies or procedures particularly orientated toward smartphones. 44 per cent responded that the question was not applicable to them. All participants answered this question.It is raise to find that only 15 per cent stated they were aware of specific workplace policies and procedures specifically for mobile phones and 40 per cent were aware there were no mobile phone policies and procedures. A majority of 92 per cent (699) had not been advised of any security methods to protect them or their information from fraud, theft or malicious software. 8 per cent (59) respondents agreed they had received adequate security advice.4.2 Discussion and interpretation of survey resultsAnalysing the results of the survey shows the majority of smartphone users to be Android users peaking in the 20 to 24 age bracket, this would indicate that an IT professionals choice of smartphone is Android as indicated in Figure 3 below.Smartphone survey contributors within the 20 to 24 age group were then further examined to indicate what purpose is intended when using the devices, examining the results shows clearly that a majority of survey respondents reported they viewed their smartphone use as personal use, however disturbingly over half the users in the same age group admitted to using their smartphone for both personal use and business use as shown in Figure 4.Female respondents preferred the features provided by iPhones however also as opposed to male smartphone users who clearly preferred the Android platform over all others as seen in Figure (XXX).Examining users perception for the need of smartphone security against those users whom did or did not have antivirus shows that the awareness for the need of security correlates to users whom did indeed have smartphone security measures in place with nearly half of users who responded Absolutely essential to the question How necessary do you see the need for smartphone security software as shown in Figure (XXX).However the overall amount of smartphone users with antivirus or other security is disturbingly low given the malware threats currently available.The results also show us that a large majority of IT professionals do view smartphone security as beneficial however not essential. Android users are the most security aware demographic as demonstrated in Figure (XXX) above. This indicates that users are not aware of the threats posed by malware and view the need for smartphone system performance greater than the need for security.Business users have been defined as responden ts who confirmed they used their smartphone for business only and users who reported they used their smartphone devices for both business and personal use.Smartphones have many features of value to employees as shown in Figure (XXX) Below, Email, Calendar, GPS and SMS features were shown to be the most used features all of which are viewed to aid employee productivity. However features such as games and social networking which negatively affect employee productivity were also shown to be frequently used, suggesting that smartphones can have negative effects on employee productivity. Figure (XXX) also shows us that over half of business users reported to use internet banking facilities from their smartphones.After finding out what smartphone features business users were most interested in I studied how aware business users were of security permissions and licence agreements prompts when installing new applications on their smartphones.The pie chart below is a representation of busine ss user survey respondents awareness of how essential smartphone application installation security prompts are in regards to new application installations.Figure (XXX) shows us that 60 per cent of all business users admitted that they did not pay attention to licence agreements and permission prompts when installing new applications.The distinction between smartphones and personal computers is becoming increasingly marginal. Personal computers for example do not have built in billing systems and unless connected to the internet are static devices accessible via a local area network or through direct contact. Smartphones have an integral billing system are completely mobile and have multiple connectivity methods.When business user survey partakers were asked if they used any security applications such as antivirus, an overwhelming majority responded that they did not use any security products. This confirms part of my hypothesis that business users do not perceive smartphone security as a real threat.Discovering that the majority of business users used internet banking facilities for either personal banking or business banking and 9 out of 10 business smartphones had no security products installed it was elementary to understand if business users were aware of smartphone malware threats.The line graph in Figure (XXX) indicates that over 90 per cent of business users are aware of malware threats such as Adware, Spyware, Trojans, Viruss and Worms however business users were all least aware of malware threats such as Crimeware as indicated in Figure (XXX)Survey respondents who reported they used their smartphone for personal use only were excluded from the following analysis.7 out of 10 business users confirmed they were not aware of any specific smartphone security policies at work (Figure (XXX)The awareness of security for iPhone smartphones is low as users perception of Apple and Mac OS is that it is impervious to malware infection. Research shows that iPhone u sers have the least amount of antivirus installed on devices. As discussed earlier, users are completely reliant on Apple to vet all applications for malicious code, whereas Android and Symbian applications are open source so users may inspect the contents for malware.secure smartphone model, least security aware groupAndroid users are the most security aware demographic group as the typical android user is conscious that malicious software exists and the android community are able to vet applications themselves. Android users were also the highest security aware group with the highest percentage of antivirus products per smartphone.Virtual environments, least secure smartphone perceptionBlackberry smartphones were the most secure devices in regards to email, network connectivity however it was found that application signatures can be purchased by anyone for a small fee thus rendering the security of the device minimal.Very secure aspects, not as secure overallSymbian smartphones ar e found to be the most current common target for malware developers.Low securityWindows phone 7 is the newest platform on the smartphone market and only time will tell how secure the device is.Awareness and concern5.0 SmartphonesPrivate and confidential data from lost or stolen mobile devices such as laptops, USB pen drives and computer storage drives has gained negative exposure within the media recently however one of the largest growing threats to corporate information comes from unsecure smartphones.To understand this statement it is important to appreciate the history of the smartphone to recognise why smartphones pose such a threat in todays business environment.A mobile phone is a portable electronic device used to make and receive telephone calls. The mobile phone was first revealed by Dr Martin Cooper from the company Motorola in 1973, it was not until ten years after Dr Coopers demonstration that Motorola released its flagship mobile phone the DynaTAC, this was the worlds first commercially viable mobile phone (Motorola, 2009).Originally these devices were commercially targeted at businesses and upper fellowship individuals as the cost of the device was very high and the actual usage was severely restricted, due to the technology limitations at this time of battery weight (Motorola, 2009) and because the battery duration was limited to last a maximum of 30 minutes thus making the device impractical and available only to businesses and professional consumers.According to Moores Law, the number of transistors on a chip roughly doubles every two years. (Intel, 2005)As Moore stated over thirty five years ago, due to the advancement of processors, battery technologies and overall reduced power consumption, mobile phones have become lighter, smaller, more powerful and longer lasting (Intel, 2005). Due to these fundamental technological advancements mobile phones have been able to incorporate additional existing technologies such as camera units, sensors, speakers and often take advantage of JAVA based applications and features, thus coining the term Feature phone. Feature phones are more advanced technologically than mobile phones however nowSmartphones currently reside in the top stage of mobile communication technology.The term smartphone is ambiguous and many experts fail to agree on a suitable definition. Most smartphone features are not exclusive to a particular category, this project does not intend to make that definition, however for the scope of this project I have listed combined definitions and compared current smartphone f