Mobile Security Issues in A Corporate Environment: White Paper
As a result, companies which don’t necessarily require their staff to use smartphones
are becoming obliged by their employees’ usage and personal experience
of these practical devices to implement them for business purposes.
In many companies, employees are also given their choice of end device as an
incentive. The European Information Technology Organisation (EITO) predicts
global sales of 1.4 billion mobile phones for 2011.
Anyone looking closely at the smartphone market will notice that there is
currently no operating system which predominates, to the extent that Windows
does for computers. Instead, as Canalys’ latest market analysis [2] shows,
several providers are well-positioned and are helping themselves to respectable
pieces of the smartphone pie. Thanks to a wide range of devices which span
the price spectrum, the Android platform has profited most from the recent market
growth. With 33.3 million Android smartphones, Google has secured itself
a market share of 32.9 percent, making it the market leader. Second place is,
however, not occupied by Apple and its ubiquitous iPhone. Instead, Symbian’s
market share of 30.6 percent (31 million devices) puts it right behind Google
and clearly ahead of Apple. Only then does the iPhone operating system iOS
enter the field, with 16.2 million devices and a market share of “just” 16 percent.
Next come the BlackBerry devices so popular with business users, with a
market share of 14.4 percent. Bringing up the rear is Microsoft with its current
Windows operating systems and a total market share of 3.1 percent. The smartphone
market also presents a challenge for analysts, as predicting it is extremely
difficult. Just a year ago, iOS’s market share (16.3 percent) was similarly high.
Last year, BlackBerry devices still retained a fifth of the market, while Android,
the current leader, was bobbing around at the back with 8.7 percent. This put it
just in front of Windows Mobile which, at the time, had 7.2 percent. A year ago,
Symbian was still the market leader – and by a very large margin, with 44.4
percent of the market share.
As a current survey carried out by Forbes Insights [3] shows, however, the
smartphone share of the business market is now quite different. 87 percent of
management in US companies use laptops, and 82 percent also own smartphones.
28 percent are “dual-device owners” who, in addition to a BlackBerry – the
classic corporate mail machine – also own an Android-based mobile device or
an iPhone. The smartphone is the communication device of choice for more
than half of those surveyed.
[Figure: smartphone market share by operating system – Android 32.9%, Symbian 30.6%, iOS 16.0%, RIM (BlackBerry) 14.4%, Windows Mobile 3.1%]
[Figure: business uses of smartphones – calls, e-mail, messaging systems, contact databases, scheduling, VPN access, social media services, ERP systems]
The next step involves accessing corporate networks. Employees usually use a
VPN connection to dial into the corporate network, from where they can access
files and business applications like ERP systems (Enterprise Resource Planning).
Companies must take action here to prevent unauthorised
users from accessing internal company information, siphoning off data, or manipulating
existing applications.
For years, it has been common practice for companies to have protective strategies
in place to cover their servers, workstations and other IT components.
Protecting smartphones used for business purposes is, unfortunately, not yet a
fixed component of corporate security policies. Given the various smartphone
uses listed above, protecting your company’s smartphones would be a wise
move.
There are three basic scenarios against which smartphones should be protected.
The most common is Case 1: loss or theft. According to BITKOM studies,
10 million Germans have already lost a mobile phone [4] and in a recently
conducted survey during January 2011 across 4 European countries, targeting
mobile users from the age of 14 and upwards, 20% said their mobile devices
had either been stolen or lost. Case 2 is similar to Case 1: someone else gains
complete access to your mobile device for a short time. Let’s take a popular
example: an employee leaves his smartphone lying on his desk during the lunch
break, and a co-worker or third party picks it up. Here, too, the risk of misuse of
corporate information through unauthorised access is a real one. Case 3 combines
all the other threat scenarios – including malware specifically designed
for mobile devices, SMS attacks, and targeted data theft via specially-designed
emails or websites. What makes this case different, however, is that the
attackers do not have physical access to the device.
If your smartphone is lost or stolen, a third party gains physical access to your
device. If the finder is dishonest, he or she now has all the time in the world to
access the information stored on the smartphone. Not only is the data stored
on the mobile device itself valuable, but login information for corporate networks
or communications services is also of interest. If VPN or mail server
passwords are stored in your phone, the thief only has to touch the appropriate
application to gain access. Protective software like Kaspersky Endpoint Security
8 for Smartphone contains special anti-theft functions to prevent third parties
from accessing information on missing devices. Lost smartphones can even be
blocked remotely using special management software. Devices with GPS
receivers – a feature which is already built into most business smartphones –
can also be located. Alternatively, you could take more drastic measures and
use a delete command to restore the device completely to its factory settings.
While the lost device itself must still be replaced, doing so does not pose a problem
for most companies, and resetting it prevents sensitive corporate data
from falling into the wrong hands.
A professional thief will quickly take measures to avoid being detected. One of
his or her first acts, therefore, will be to remove the SIM card. Here, too, however,
Kaspersky Endpoint Security for Smartphones has a solution: the SIM
Watch function enables management software to keep track of the device, even
if the SIM card is removed. Even the new mobile number is automatically texted
to the phone’s rightful owner.
But what if the smartphone can’t be locked down in time? In such cases, encryption
comes in handy. This tried and tested method has proven effective in
protecting data on laptops for years. Files, folders and storage media can be
irrecoverably encrypted using Kaspersky Endpoint Security, ensuring that only
those with the correct password can access the data.
Access blocks
Encryption
Privacy protection
“Over-the-air” management
Support for rules
Multi-platform support
The problem of mobile malware is one which is often dismissed. After all, the
numbers cannot possibly compare to the current Windows situation. While malware
for diverse mobile platforms does exist – such as Trojans which send
texts to premium services in order to run up huge bills for the phone owners, for
example – there have only been a few major virus outbreaks to date. Caution
is, however, advised, as the increasing popularity of smartphones and tablets
is making them interesting targets for malware authors. It is also worth noting
that not all virus attacks are necessarily aimed at causing media sensations.
Security experts have been observing the malware scene’s increasing professionalisation
for years now. Quality comes before quantity, and if someone is interested
in the data on your field sales team’s smartphones, a targeted attack is
a genuine risk. Our advice is to take precautions using mobile virus protection.
Kaspersky Endpoint Security 8 for Smartphone protects mobile devices in real
time and performs scheduled malware checks of entire devices. This can prevent
data thieves gaining a head start, thus nipping major threats in the bud. In
addition to a mobile protection solution, an anti-spam module is also important.
Its functionality should not be limited to emails – instead, it should also filter
unsolicited texts and calls.
While access blocks and encryption will help to conceal information, sophisticated
protection software also has other useful tricks up its sleeve, including
privacy protection features. Kaspersky Endpoint Security 8 for Smartphone, for
example, enables users to hide individual contacts, call lists and texts.
Smartphones can do a great many things, and the threats affecting them are
diverse. Luckily, protecting these mobile all-rounders is very easy to do. When
choosing appropriate protective software for smartphones, companies should
take into account the following points.
Management functions
Configuring one smartphone manually is easy. Configuring five or more can be a
nuisance, and configuring more than ten is uneconomical without a centralised
management interface which allows access to mobile devices for maintenance
purposes. This is precisely what Kaspersky Endpoint Security 8 for Smartphone
provides. As administration can also be performed remotely, the IT team retains
total control of the devices at all times. This enables updates and new programs
to be installed easily and in a targeted manner. When choosing a mobile security
suite, you should also bear in mind that, as well as being managed through
the Kaspersky Administration Kit, Kaspersky Endpoint Security can also be integrated
seamlessly into existing management environments for mobile devices –
such as Microsoft’s mobile device manager, for example, or Sybase Afaria.
Rules
Who can do what on your network? Policies have become indispensable for companies
– and not just for compliance reasons. Instead, they are also a must for
seamless, secure smartphone integration. Kaspersky Endpoint Security
therefore permits rules to be assigned to various different user groups –
“over-the-air”, of course. This enables administrators to conveniently adjust the
smartphones’ anti-virus settings and, for example, to define which file types
should be scanned for malware and which should not. And, of course, the
anti-theft function can be configured to a very detailed level. Want to delete the
content of stolen smartphones remotely? You can define rules which enable you
to do this. When it comes to encryption, too, IT teams hold all the cards. Rules
are used to define which folders must be encrypted. Another advantage is that
employees don’t need to do anything – their smartphones will automatically be
perfectly configured. The bottom line is that administrators save tremendous
amounts of time – and, therefore, money. After all, using this method eliminates
the need for smartphones to be collected, docked with a PC, or continuously
connected to the corporate network in order to have their security settings
adjusted.
We believe that everyone should be free to get the most from technology –
without intrusion or other security worries. Our crack team of specialists gives
you the freedom to live your digital life without worrying about your personal
information and assets.
Over 300 million people worldwide are protected by Kaspersky Lab products
and technologies, including users of third-party products that incorporate the
Kaspersky Lab Anti-Virus Engine. Kaspersky Lab’s corporate client-base
exceeds 200,000 companies located around the globe, ranging from small
and medium-sized businesses right up to large governmental and commercial
organisations.
The number of Kaspersky Lab customers is growing every day, with product
activations currently numbering over 10 million per month.
Kaspersky Endpoint Security for Smartphone
Highlights
You can easily roll out Kaspersky Endpoint Security for Smartphone from a single
point to all your corporate mobile devices, either over the air or when smartphones
are connected to a PC.
Manage effectively
System requirements
Kaspersky Lab
97 Milton Park
Abingdon
Oxfordshire OX14 4RY, UK
www.kaspersky.co.uk
www.securelist.com
www.threatpost.com