-SMS
-Web browser
-3rd Party Apps
-”Jail-Broken Phones”
-Operting System Vulnerabilites
-Physical Access
-SMS
-Web browser
-3rd Party Apps
-”Jail-Broken Phones”
-Operting System Vulnerabilites
-Physical Access
-Message Forwarding
-Credential Acquisition
-Recording or Listening to conversations
-User Tracking (GPS)
-Data Collection
–There are litany of controls that organisations can employ–
Force Encryption of data at rest.
Force secure connectivity on unsecured public networks
Confirm unauthorized mobile devices do not have access to corporate LAN
Confirm mobile user spending is in-line with mobile security policy
Implement over-the-air decommissioning of lost or stolen devices
Set the device to auto-lock
Set limit for unauthorized login attempts
Handheld devices should be enterprise property
Before an employee departs, obtain device and remove corporate data
Classify data according to sensitivity of data being carried