Many SMB mobile devices unmanaged, presenting security risk

Many SMB mobile devices unmanaged, presenting security risk

Summary: More than half the Apple iOS mobile devices considered in a newly released study by mobile security vendor Mobilisafe were using outdated firmware.


A study by Seattle-based security software firm Mobilisafe suggests that many small and midsize businesses seriously underestimate the number of unmanaged mobile devices that are connecting to their network on any given day. That, in turn, means that their information security policies are probably woefully underprepared for that onslaught.

Mobilisafe said it gathered the data over the past three months, mapping more than 38 million mobile device connections being made during beta tests of its mobile security services. That research shows that the Bring Your Own Device (BYOD) movement, while a boon for productivity, has made it far tougher for SMBs to make sure that mobile devices are up-to-date with all the latest software patches and security updates, according to the company.

Mobilisafe figures that approximately 80 percent of employees at SMBs testing its services are using smartphones and/or tablet computers. It would make sense that this number would be pretty high, given that is the sort of business that the company is targeting.

Still, that prediction echoes new research from Forrester Research that suggests more than half of workers around the globe are using at least three different devices for work purposes, even if the IT organization doesn't know about them (at least officially).

Of all the mobile devices and personal computers used in work settings, Forrester reports that 60 percent of them are used for BOTH work and personal purposes.

That is dangerous because individuals are less likely to be vigilant about updates and security.

Among the Mobilisafe research set, for example, approximately 56 percent of the Apple iOs mobile devices that showed up in the study were running out-of-date firmware, the company reported.

Overall, approximately 39 percent of the devices that had been authenticated at least once on a network had been inactive for more than 30 days, according to the Mobilisafe data. That should cause concerns about whether or not those devices have been lost (and therefore present a possible corporate security risk) or whether or not the devices were used to download sensitive corporate data that has been passed along in unmonitored ways.

Obviously, Mobilisafe has self-interest in pointing up this sort of data. After all, the company's software is designed to make it simpler for small businesses to keep track of these sorts of things.

But even if the data comes from a source with a vested interest in the findings, it doesn't make them any less scary. The fact is that mobile security and management needs to be a much higher priority for many SMBs, which have been caught somewhat behind the Bring Your Own Device (BYOD) trend.

Topics: Security, Mobility, Smartphones, SMBs

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Many SMB mobile devices unmanaged, presenting security risk

    The unfortunate reality is that most SMB place too much trust in their team, and take a gamble. However, once an issue arises, they realize the hardway that the perceived high expense of a solid MDM solution ( is far less than the cost of the consequences.
  • RE: Many SMB mobile devices unmanaged, presenting security risk

    In my experience, it is often the other way round, the private equipment is fully patched and secured, it is the company equipment that is outdated and needs patching.

    One client I worked for in 2009 had a fleet of XP desktops, most of them had not had SP2 installed and none had had a single security update since 2004. Their mobile device fleet wasn't in much better shape.

    Okay, I also know people who are still running Windows 95 on Pentium II machines. ;-)
  • Those companies will never tell you your systems are safe

    ...they'd lose their business. So whenever you see an "analysis" made by Symantec, avast or this Mobilisafe, it's their PR aimed to gain some market attention.
    Do you were helmet when walking your dog after dark? Most of us don't, we take the risk of being hit.
    If you become a target for some reason, standard IT security measures won't save you. If you don't become a target, you're safe. If your risk analysis tells you are a potential target, you shouldn't use standard tools like emails, social networks, VPNs etc. You should have a dedicated platform for managing sensitive information, it's not that expensive these days and even SMBs can afford it. Anyone using emails is vulnerable.