Nokia: Man is weakest link in mobile security

The human factor is often overlooked when businesses think about mobile security, says an official from the mobile phone maker.

Human behavior is the biggest risk in mobile security, according to a top Nokia official.

Niklas Savander, Nokia's senior vice-president of enterprise solutions, said workers are more careless with their cellphones than they are with their laptop PCs. "There are thousands of (lost) cellphones found on the London Underground every day," he quipped.

"Companies should really ask their workers if they realize they are walking around with sensitive corporate data," he said. It is paradoxical, he added, that employees diligently shred pieces of paper, but seem nonchalant about the data in their mobile devices.

Savander is not the first to pinpoint humans as the weakest link in security. Former hacker Kevin Mitnick has also stressed the need for companies to focus on employees in securing their networks. Studies have also indicated that businesses often neglect employees' role in the company's security measures.

But where humans fail, organizations can use technology to stop private information from reaching the wrong hands, Savander said. Companies welcome features like "remote wipe", which allows them to erase corporate data remotely, he said.

Businesses can also encrypt data on mobile devices, he added. Data encryption will make it harder for dishonest commuters who pick up cellphones on the subway to retrieve meaningful data.

While security features mean well, Savander emphasized that data protection measures should not make mobile devices and applications harder to use.

Tech support staff, he said, often claim that workers are cool on the security features made available to them. "But if you need 15 passwords and two token (cards) to use an application, people will just say 'forget it'," he said.

Savander added that security features, such as wireless encryption, are not user-friendly. However, as technology matures, there is the possibility that some of these security features will be more transparent to users, he said.

Michael Yin, CEO of Mozat, a Singapore-based mobile enterprise solutions provider, said there has to be a balance between security and making mobile devices more user-friendly to employees. "You don't want to scan your fingerprints before you send out a message from your devices," he said.

A Gartner report in April noted that measures undertaken by businesses in mobile security are inadequate. According to the research firm, security enforcement is further complicated by the fact that employees bring in their own devices which run on multiple operating systems.

"This poses a significant challenge in terms of securing corporate data residing on privately-owned devices, as they are not under direct IT management," Gartner cautioned.

Yin said one way of overcoming the problem is to use Java-based software as it provides a common platform to manage mobile devices, many of which are Java-enabled. Mozat's mOrange, for example, can be used to manage and encrypt data passing between corporate networks and the mobile devices.