Friday, April 18, 2014

Speaking of Mobile Security

I've been doing a fair amount of speaking about Mobile Security lately.  The audience has been financial operations - accounts payable and accounts receivable.  These folks are concerned with the evolution of mobile technology and how it is being progressively integrated into their operations.  They have found that the risks are pretty large, and no one seems to be paying attention to this.

We are racing headfirst into the mobile revolution, interweaving it into our everyday life.  I can check my bank account balance, transfer funds, make investment trades, take payments, even manage my company's finances all from a tablet device.  In healthcare, we have mobile apps which allow clinicians to check your chart, monitor your blood pressure, view x-rays, write prescriptions...  this increased mobility is a great thing - it adds productivity and mobility - but we have to balance the benefits with the risks.  In other words, we need to understand and control the risks as we continue to weave mobile technology into our world.

The risks of mobile technology are pretty scary.  I would bet that you have apps on your phone or iPad that have more permissions than you are aware of.  Most of the time, we install an app without checking the permissions.  It usually asks your permission to install and gives you a list of permissions you're giving the app.  But we don't really check those - we are in a hurry to get the benefits of the app!  But the rights you're giving this app may be excessive.  Do you want Angry Birds to be able to delete data off your iPad?  Do you want your fitness app to be able to read your contact list?  Do you want your travel app to be able to send emails in your name?  Can they do that now?  You had better check!

I will try to write more frequently - I'm going to do a series on Mobile Security, since that seems to be a really hot issue at the moment.  I just added a Speaking tab to the blog - you can check out where I've been speaking and also let me know if you'd like to have me out to speak at an event.  

No comments: