Many SMB mobile devices unmanaged, presenting security risk

More than half the Apple iOS mobile devices considered in a newly released study by mobile security vendor Mobilisafe were using outdated firmware.
Written by Heather Clancy, Contributor

A study by Seattle-based security software firm Mobilisafe suggests that many small and midsize businesses seriously underestimate the number of unmanaged mobile devices that are connecting to their network on any given day. That, in turn, means that their information security policies are probably woefully underprepared for that onslaught.

Mobilisafe said it gathered the data over the past three months, mapping more than 38 million mobile device connections being made during beta tests of its mobile security services. That research shows that the Bring Your Own Device (BYOD) movement, while a boon for productivity, has made it far tougher for SMBs to make sure that mobile devices are up-to-date with all the latest software patches and security updates, according to the company.

Mobilisafe figures that approximately 80 percent of employees at SMBs testing its services are using smartphones and/or tablet computers. It would make sense that this number would be pretty high, given that is the sort of business that the company is targeting.

Still, that prediction echoes new research from Forrester Research that suggests more than half of workers around the globe are using at least three different devices for work purposes, even if the IT organization doesn't know about them (at least officially).

Of all the mobile devices and personal computers used in work settings, Forrester reports that 60 percent of them are used for BOTH work and personal purposes.

That is dangerous because individuals are less likely to be vigilant about updates and security.

Among the Mobilisafe research set, for example, approximately 56 percent of the Apple iOs mobile devices that showed up in the study were running out-of-date firmware, the company reported.

Overall, approximately 39 percent of the devices that had been authenticated at least once on a network had been inactive for more than 30 days, according to the Mobilisafe data. That should cause concerns about whether or not those devices have been lost (and therefore present a possible corporate security risk) or whether or not the devices were used to download sensitive corporate data that has been passed along in unmonitored ways.

Obviously, Mobilisafe has self-interest in pointing up this sort of data. After all, the company's software is designed to make it simpler for small businesses to keep track of these sorts of things.

But even if the data comes from a source with a vested interest in the findings, it doesn't make them any less scary. The fact is that mobile security and management needs to be a much higher priority for many SMBs, which have been caught somewhat behind the Bring Your Own Device (BYOD) trend.

Editorial standards