Importance of Smartphone Security in Business Environment

Importance of Smartph star Security in Business Environment1.0 IntroductionThe propose of this enumeration is to expose a transmission line line of fetch from a technological viewpoint. The subject of the affair problem I nourish selected is smart scream warrantor. This subject go divulge be crumpled and critically evaluated, and thusly expanded upon further to reflect the orbital cavity of possible solutions and raise aw arness of the risk and claim of smart anticipate guarantor de doweryment establishment.1.1 Aims and objectivesAimsCreate an domineering document with recommendations to raise assuredness and in general anatomy commercial enterprisees for the need of great smooth credential department in spite of appearance the job organization environment.Use insight to establish a explore gap.Main objectivesAssess smart sprightly twistings before long employ. tumble aegis advantages and disadvantages of smart energetic twirls.Establish what ri sks smart mobile impostures be exposed to. rate impact of risk exposed by un set mobile devices to aires.Examine mobile shelter currently avail qualified.Investigate responsibilityEvaluate current business policies and procedures for mobile devices and how these elicit be enforced.Construct smart send for aegis guide with recommendations for businesses.1.2 Problem statementThe problem is information and financial expiry due to information theft or in ragibility from despiteful package, and the ruinous impact this has upon the business.A re centimeimeime report from Gartner (reference report) indicates that sales of smartphones oblige adult exponentially and businesses ar reaping the benefits gained from smartphones, as yet their purpose also creates protective covering risks and opportunities for cybercriminals.thither ar m whatever fibers of information that can be stored on smartphones for example, in person identifiable information in the form of identity credentials, email, SMS and MMS messages, GPS coordinates, passwords, comp some(prenominal) documents and connectivity access information to company servers as just rough of the examples.Information protective cover frame has gained significant cherish within the business realm over the bygone decade however this value remains subjective (why subjective? And value pertaining to what?). Users set out been do witting of the risks posed by malicious packet whilst victimization their individualised computing device on the net, at once assistive applied science like smart mobile devices be becoming increasingly to a greater extent originful, habital and ubiquitous.Where in-person computers have at to the lowest degree some security softw be in place as standard, smartphones comm alone have no security softwargon installed as a standard and are amenable to (Malware, Vir employments, trojans,etc-examples please )) the exact same brats as to ad hominem computers.Bus inesses, masters and personal make subprogram ofrs now have a greater sensibleness for the need of personal computer security. This has been provided by media coverage, enterprise education or through with(predicate) personal experience. When using a personal computer or laptop for example, it is green to knock a firewall and antivirus software installed showing that profits safety has now contract a kind normalcy.Smartphones are more powerful than supercomputers were a fewer categorys ago, and we are putting them in the hands of people whove neer had anything like it before. Google CEO Eric SchmidtAs Schmidt states smartphones are pervasive devices, workers typically need training on these devices as they are multifunctional and unless people are assured of the threats these devices pose the consequences can be detrimental on the business.Todays organisations confide intemperately upon information technology in aver to grant their business to function (Khosrowpou r, 2001). This is fundamentally due to how intricate information technology systems are infix into organisations.Smartphones provide businesses with many natural opportunities (sweeping statement-what opportunities and is this your opinion/referencing?) however these opportunities provided by smartphones pull through not just for business and personal uptakers as the opportunity extends to cybercriminals too.Malware is one of the well-nigh common sources of security failures within businesses currently (sweeping statement- nearly common agree to who?), they have the same capabilities as personal computers and are apply within business environments in the same manner, however they are typically un vouch and rely solely upon the standard out-of-the-box security features with no antivirus or firewall present.There are many contrastive mobile operating systems for smart mobile devices requiring different security activitys. The operating systems and the risks associated go for th be carefully analysed.The intentions of this paper are to investigate what impacts smart mobile devices can have on businesses, why these problems affect the organisation, and how they are overcome.Finally, insight leave alone be gathered and recommendations made so that businesses can use to foresee and prevent future extra costs and risk.2.0 Literature look intoThe focus of the subject proposed for this labor movement is a very real-world business and information technology problem. Smartphone security is a recognizable potential problem for two individuals and businesses as nearly smartphone drug users including businesses and educational establishments do not have any specialized policies in place to bulwark from smartphone security related issues.Because smartphone security is still in its infancy, it leave alone be a challenge to source accurate and relevant information from controlling sources such(prenominal) as Emerald without resorting to web found interr ogation. However, the more this project advances smartphone security in the media is becoming omnipresent.For the project a comply lead be proposed in order to gain knowledge for understanding how mindful users are for the need of smartphone security. This visual sense will get as many participants as possible in order to gather appropriate primary evidence. Interviews will be conducted with professionals in the field of smartphones and security such as guard personnel, security advisors and mobile phone shop ply to ascertain levels of security training, public security literature and knowledge.Authoritative information sources will be apply to gain adept information directly from manufactures, websites and retail outlets such as Apple, Android, Research In Motion, Nokia and Microsoft for documentation on smartphones and smartphone platforms. Only technical foul information will be use from these sources as it is in manufacturers interests to dispense their productsAnalysi s of the survey will be done using statistical analysis tools including IBMs SPSS, SPSS Text Analysis software and more modern statistical analysis web- found techniques such as MarketSight. MarketSight is a hosted research entropy describe environment accessible by the internet and wholly available through the internet browser Microsoft explorer whereas SPSS is software directly installed onto a computer.Malware the parvenue legal risk the paper written by Verine Etsebeth in 2007 has valuable source material for this project. Acquired from Emerald Insight, it is very suitable to this project as it highlights the threat of malware and risks posed to businesses. It is well written and commanding however Emerald specified it was erratic as no such document has been published previously.The majority of sources utilize by Etsebeth are from Harley, D Slade, R and Gattiker, U. Etsebeth references Viruses Revealed (McGraw-Hill, New York, NY 2001) This source is recognized and t rusted within the industry as a whole and is considered to be authoritative and well-documented on its own merit. This paper focuses on the legal and professional implications of malware on companies in South Africa Etsebeths home town.This paper is very suitable for this project as it is a very well written and authoritative document, the majority of sources use by Etsebeth are from Harley, D., Slade, R. and Gattiker, U. (2001) Viruses Revealed, McGraw-Hill, New York, NY. The source employ by Etsebeth Viruses Revealed as a well-documented authoritative document published by McGraw-Hill, a recognized trusted source. Etsebeth is a senior lecturer in the Faculty of law specialising in the arenas of law and information security.Although Etsebeths paper Malware the new legal risk is highly suitable in terms of soft information, it lacks suitable geo representic law for the reaching of my project. I will use the information provided by Etsebeth for Malware, as this information is not geographically bound, and analyse the legal implications after comparing them to UK law.Etsebth highlights that companies are reluctant to report cybercrimes as it has blackball implications on the companys reputation this correlates to my guess.Understanding the spreading patterns of mobile phone viruses by Pu Wang, Marta Gonzalez, Cesar Hidalgo and Albert-laszlo Barabasi is a technical ledger found on mobile phone virus modelling and the understanding of spreading patterns.The journal was published in 2009 and investigates various mobile platforms relating to my assignment however the document is a highly technical report based on the math of virus spreading patterns, I find this report to be highly enlightening however due to the technical awareness of the target indorser of my assignment I believe this report to be too technical and out of scope.Authoritative information directly from manufactures websites and retail outlets will be apply including Apple, Android, Resear ch In Motion, Nokia and Microsoft for documentation on smartphones and smartphone platforms as this will allow me to access accurate and current reliable information directly. lower-ranking information sources will be avoided where possible such as blogs and fall over websites for direct smartphone technical information as these types of resources may facilitate in providing inaccurate facts.Local mobile phone retail outlets such as Orange, Vodaphone, Phones4u, The Carphone Warehouse, O2 and T-Mobile will provide me with valuable information on device security awareness. I will enquire on staff security training and in-house company security literature currently available to public and business consumers as this will affect the sightly smartphone users security awareness.After investigation smartphone security I established that some research in this area had been done already by Goode apprehension a UK company based in London.Goode Intelligence is a company that provide strategi c research and analysis that specialises in information security. Founded in 2007, Goode Intelligence has provided clients globally with statistical information from evidence accumulated from surveys in the field of information security. Goode Intelligence is viewed as an authoritative market leader of information security consumer information.2.3 How this project fits in with the literature reviewI had chosen the subject then chosen the literature review regularity, thus tailoring the literature review to fit the requirements of the project.The perspective will allow me access information on how smartphone users actually use their device, how important they view the information stored on the device and users perception of the need for security3.0 Research methods3.1 HypothesisBusinesses are not aware that they are at risk of information and financial expiry or theft due to malware infections on smartphone devices.Information Technology consultants have tell apartd the gap in se curity for mobile devices, however it was currently realised that the physical security of the device was not the real issue, as the need for smartphone security awareness within businesses was a far greater concern. Experience establishes that the best form of security is the awareness for the need of security and why by the individuals who use the technology.Smartphone malware is not seen as of great brilliance to IT professionals, business managers or general consumers. A majority of smartphone users use their devices for both business and personal use and a large share of smartphone users will be using their personal smartphone for work related activities.The assumption is based that most individuals would know what information they deemed as confidential, more specifically, what information would they not like others to access to include such things as calendar, contacts, photos, emails and files.IT professionals should be the most aware mannikinify of smartphone malware ri sk, as their experience and technological awareness should allow them to be more technologically security aware.Antivirus employ on personal computers is well known to hinder system performance and conflict with some applications and other software, The hypothesis is that antivirus products will consume more system resources then current smartphones can afford to offer and require more power from the device ultimately reducing the battery life and impacting negatively on overall system performance, description the device unusable by the average user.The perception of products such as the iPhone are viewed as secure out-of-the-box along with Blackberry smartphones as they are mostly touted by mobile phone shop staff as business orientated secure devices.3.2 methodological analysisThe project will be implemented using a triangulated, positive(p) methodological approach. The particular technique chosen this will provide a balanced view of the subject area. It will in corporal both quantifiable and qualitative primary research methods as reffered to by Bryman as multi-strategy research (Bryman, 2006). The scope of this project will mostly be Quantitative based research as indicted in Fig 1 under.Bryman advises that quantitative data can be gathered by way of a survey and qualitative research collected from journals and interviews.The Initial research will be conducted using primary research in the form of a cross-section(a) survey inquirynaire with closed questioning, interviews with professionals in the field of smartphone related security such as police personnel, security advisors and mobile phone shop staff will also be conducted to gain knowledge of their awareness of smartphone security and what advice they provide.The survey will be available to respondents in paper form where needed however the survey respondents targeted will mostly be from the internet so it is required that the survey be electronically hosted. The web-based survey dispersal metho d selected is Survey Monkey.The main motivations for selecting Survey Monkey are reputation, brass instrument features, ease of access and user layout familiarity. The survey will be knowing to be concise and simple to maximise the amount of respondents in order to gain quality information.The target survey population will construe business managers, IT professionals as well as individuals who use their smartphone for personal use to establish users who admit to using their smartphone for both business and personal as opposed to personal use only. This is suggested by Baxter as an important mistreat in defining who should be included and excluded from participating in the survey (Baxter, L. Babbie, E, 2004).The users have been targeted as the project will establish not only the perception of smartphone security but also what smartphone policies and procedures are currently in place and how aware users are of these.Research indicates that an ideal resource for the proposed targe t users is through a popular internet based technological loving news website named Reddit. Reddit has a daily turnover of over 850.000 unique users (Alexa, 2010). match to Alexa the average Redditors are manlike between the age of 18 to 44, are well educated and browses Reddit either from work or home, suggesting that the majority of Redditors are working professionals in the technology field.This suggest that the average Reddit user is technologically aware (Alexa, 2010), suggesting that Reddit would suit the proposed target survey participant.The proposed project will be delivered using an analytical in-depth research structure. This project structure has been selected as it will primarily be research based on the current business problem as previously stated.The intentions are to analyse the problem, understand how aware people are of the issue and propose possible solutions,One method of analysis proposed is the conceptual method, as described by Beaney as a way of breaking down or analysing concepts into their constituent parts in order to gain knowledge (Beaney 2003). I have interpreted this to think up the compartmentalisation and analysis of data.Critical and creative thinking skills such as Edward.De Bono six thinking hats will be used to examine the problem domain. A review will be given on how the systems work and compare them to how they should work. I will then analyse the solution domain by examining which options are available to improve the system security along with optimal recommendation and the benefits this would provide.SPSS is a well-established statistical analysis application starting released in 1968. Randomised questions, Marketsight. Survey design4.0 Results4.1 Presentation and description of resultsWho took part?The survey was conducted to establish the awareness of information security and the need for smartphone security. Users were turn overly invited from technological backgrounds to partake in the survey and assured of a nonymity.A tot up of 758 people responded to the online survey from a possible 854,998 potential participants (Fig. 2). The survey itself was open for one month during February and March 2011.The results indicated in var. 2 that a majority share of survey participants, with 82 per cent being male and 18 per cent female confirms my survey target gender. When asked, both genders averaged at age 26 (Fig. 3) as denoted in formula 3, again positive(p) my target survey demographic groups.When asked 53 per cent of respondents account they had used their smartphone solely for personal use, opposed to 45 per cent of partakers that reported they used their smartphone for both business and personal use, with 2 per cent reporting to use a smartphone solely for business use only as shown in Fig. 4 combining a total of 47 per cent.25 per cent of respondents had only been using smartphones for the past six months, 17 per cent were aware they had been using them for at least a year and a major ity percentage of 59 per cent had been using smartphones for more than one year seen in Figure 5.Only 12 per cent of respondents opted to use the compensate as you go behavement facilities as opposed to the greater majority of 88 per cent that have contracts shown in Figure 6 below.87 per cent of participants reported that they did not use any form of smartphone security software such as antivirus as opposed to 13 per cent that did as highlighted in Figure 7.SMARTPHONEIn answer to the question What type of smartphone do you currently use? 34 per cent of respondents s back up they used an Apple IPhone, 58 per cent reported to use Android smartphones, 13 per cent used Blackberries and 6 per cent of respondents had Symbian smartphones (Fig. 8).87 per cent of respondents had used calendar functions, 94 per cent of respondents used email, 86 per cent of used games, 87 per cent of respondents used GPS features, 74 per cent of respondents used ostentation messaging, 52 per cent of respo ndents used internet banking facilities, 66 per cent of respondents used multimedia messaging service (MMS), 94 per cent of respondents used the laconic messaging service (SMS) feature and 78 per cent (Fig. 9) of respondents admitted to using social cyberspaceing sites on their smartphone.93 per cent of survey partakers used 3G for mobile data communication, 59 per cent of respondents used Bluetooth technology, only 4 per cent of had used infrared line of sight technology, however 75 per cent of respondents admitted to connecting via world-wide serial bus (USB) and 94 per cent of participators had used wireless for mobile data communication shown in Figure 10. Total of 757 participators answered this question and 1 partaker chose to skip the question.From a total of 758 respondents, 63 per cent (476) wanted the physical smartphone above the 37 per cent (282) whom valued the information more.Figure 12 shows 62 per cent of survey participants reported that they did not pay attenti on to licence agreements and permissions when installing applications on their smartphones 34 per cent reported they did read the licence agreements and permissions. 4 per cent of respondents believed that this question was not applicable to them for their smartphone use.The awareness for the need of personal computer security is apparent as 81 per cent of responders were aware for the need of security software for personal computers as opposed to the 19 per cent who were not aware. 94 per cent participants have connected their smartphone to a personal computer (PC), 6 per cent stated they had not ever connected to a PC. All 758 respondents answered this question.Figure (XXX) shows that survey respondents considered smartphone security as beneficial but not requisite as the majority answer with 64 per cent , 21 per cent (159) didnt not consider there to be a need currently for smartphone security software as opposed to 15 per cent (114) whom considered smartphone security software as absolutely essential.95 per cent of respondents were aware of Adware, 27 per cent had known about Badware, 25 per cent of respondents were aware of Crimeware, 69 per cent had previous knowledge of Rootkits, Trojans 95 per cent,, Spyware 95 per cent, and Worm 90 per cent were the most commonly aware terms of malware from the malicious software list, the majority being Virus with 97 per cent of respondents being aware of this type of malware. 731 respondents answered this question.96 per cent of respondents stated that they owned the smartphone, only 4 per cent of respondents had employer owned smartphones. All partakers responded to this question.Out of the 758 respondents, 15 per cent were aware of policies within their place of business, with the majority of respondents 41 per cent unaware of any workplace policies or procedures particularly orientated toward smartphones. 44 per cent responded that the question was not applicable to them. All participants answered this question. It is interesting to find that only 15 per cent stated they were aware of specific workplace policies and procedures specifically for mobile phones and 40 per cent were aware there were no mobile phone policies and procedures. A majority of 92 per cent (699) had not been advised of any security methods to protect them or their information from fraud, theft or malicious software. 8 per cent (59) respondents agreed they had received adequate security advice.4.2 word and interpretation of survey resultsAnalysing the results of the survey shows the majority of smartphone users to be Android users peaking in the 20 to 24 age bracket, this would indicate that an IT professionals choice of smartphone is Android as indicated in Figure 3 below.Smartphone survey contributors within the 20 to 24 age group were then further examined to indicate what purpose is think when using the devices, examining the results shows all the way that a majority of survey respondents reported they viewed thei r smartphone use as personal use, however disturbingly over half the users in the same age group admitted to using their smartphone for both personal use and business use as shown in Figure 4.Female respondents preferent the features provided by iPhones however also as opposed to male smartphone users who clearly preferred the Android platform over all others as seen in Figure (XXX).Examining users perception for the need of smartphone security against those users whom did or did not have antivirus shows that the awareness for the need of security correlates to users whom did indeed have smartphone security measures in place with nearly half of users who responded Absolutely essential to the question How inevitable do you see the need for smartphone security software as shown in Figure (XXX).However the overall amount of smartphone users with antivirus or other security is disturbingly low given the malware threats currently available.The results also show us that a large majority of IT professionals do view smartphone security as beneficial however not essential. Android users are the most security aware demographic as demonstrated in Figure (XXX) above. This indicates that users are not aware of the threats posed by malware and view the need for smartphone system performance greater than the need for security.Business users have been defined as respondents who confirmed they used their smartphone for business only and users who reported they used their smartphone devices for both business and personal use.Smartphones have many features of value to employees as shown in Figure (XXX) Below, Email, Calendar, GPS and SMS features were shown to be the most used features all of which are viewed to aid employee productivity. However features such as games and social networking which negatively affect employee productivity were also shown to be frequently used, suggesting that smartphones can have negative cause on employee productivity. Figure (XXX) also shows us that over half of business users reported to use internet banking facilities from their smartphones.After finding out what smartphone features business users were most interested in I studied how aware business users were of security permissions and licence agreements prompts when installing new applications on their smartphones.The pie chart below is a representation of business user survey respondents awareness of how essential smartphone application installation security prompts are in regards to new application installations.Figure (XXX) shows us that 60 per cent of all business users admitted that they did not pay attention to licence agreements and permission prompts when installing new applications.The bankers bill between smartphones and personal computers is becoming increasingly marginal. Personal computers for example do not have built in billing systems and unless connected to the internet are static devices accessible via a local area network or through direct conta ct. Smartphones have an integral billing system are completely mobile and have multiple connectivity methods.When business user survey partakers were asked if they used any security applications such as antivirus, an overtake majority responded that they did not use any security products. This confirms part of my hypothesis that business users do not perceive smartphone security as a real threat.Discovering that the majority of business users used internet banking facilities for either personal banking or business banking and 9 out of 10 business smartphones had no security products installed it was elementary to understand if business users were aware of smartphone malware threats.The line graph in Figure (XXX) indicates that over 90 per cent of business users are aware of malware threats such as Adware, Spyware, Trojans, Viruss and Worms however business users were all least aware of malware threats such as Crimeware as indicated in Figure (XXX)Survey respondents who reported the y used their smartphone for personal use only were excluded from the following analysis.7 out of 10 business users confirmed they were not aware of any specific smartphone security policies at work (Figure (XXX)The awareness of security for iPhone smartphones is low as users perception of Apple and Mac OS is that it is impervious to malware infection. Research shows that iPhone users have the least amount of antivirus installed on devices. As discussed earlier, users are completely reliant on Apple to vet all applications for malicious code, whereas Android and Symbian applications are open source so users may inspect the contents for malware.secure smartphone model, least security aware groupAndroid users are the most security aware demographic group as the typical humanoid user is conscious that malicious software exists and the android community are able to vet applications themselves. Android users were also the highest security aware group with the highest percentage of antivi rus products per smartphone.Virtual environments, least secure smartphone perceptionBlackberry smartphones were the most secure devices in regards to email, network connectivity however it was found that application signatures can be purchased by anyone for a small fee thus rendering the security of the device minimal.Very secure aspects, not as secure overallSymbian smartphones are found to be the most current common target for malware developers.Low securityWindows phone 7 is the newest platform on the smartphone market and only time will tell how secure the device is.Awareness and concern5.0 SmartphonesPrivate and confidential data from lost or stolen mobile devices such as laptops, USB pen drives and computer storage drives has gained negative exposure within the media recently however one of the largest growing threats to corporate information comes from unsecure smartphones.To understand this statement it is important to appreciate the history of the smartphone to recognise wh y smartphones pose such a threat in todays business environment.A mobile phone is a portable electronic device used to make and receive telephone calls. The mobile phone was premier revealed by Dr Martin Cooper from the company Motorola in 1973, it was not until ten days after Dr Coopers demonstration that Motorola released its flagship mobile phone the DynaTAC, this was the worlds first commercially possible mobile phone (Motorola, 2009).Originally these devices were commercially targeted at businesses and upper class individuals as the cost of the device was very high and the actual utilisation was severely restricted, due to the technology limitations at this time of battery tilt (Motorola, 2009) and because the battery duration was limited to last a maximum of 30 minutes thus making the device impractical and available only to businesses and professional consumers.According to Moores Law, the number of transistors on a chip roughly doubles every two years. (Intel, 2005)As M oore stated over cardinal five years ago, due to the advancement of processors, battery technologies and overall decrease power consumption, mobile phones have become lighter, smaller, more powerful and long-term lasting (Intel, 2005). Due to these fundamental technological advancements mobile phones have been able to incorporate additional existing technologies such as camera units, sensors, speakers and oftentimes take advantage of JAVA based applications and features, thus coining the term give phone. Feature phones are more advanced technologically than mobile phones however nowSmartphones currently reside in the top tier of mobile communication technology.The term smartphone is ambiguous and many experts fail to agree on a suitable definition. Most smartphone features are not exclusive to a particular category, this project does not intend to make that definition, however for the scope of this project I have listed combined definitions and compared current smartphone f