Mobile Learning Lockdown: Is Your Data Secure?

Mobile Learning Lockdown: Is Your Data Secure?
Summary: Data security is a primary concern for IT and HR departments when mobile learning is discussed. How can we keep corporate data secure when we start sending it to mobile devices—especially employees’ personal mobile devices?

It’s commonly believed that mobile devices are not a secure means of transferring and storing confidential info and data. This can be true, and I’ll share some examples below. However, there are ways to ensure your data’s safety.

What are the threats to mobile security?

Malware is a rising mobile security threat. Mobile malware is any type of malicious software that is specifically targeted toward smartphones, tablets and other mobile devices.

In an article “Mobile security: finally a serious problem?” for Computer, the IEEE Computer Society journal, N. Leavitt explores the reasons behind the rise in mobile malware, saying that “In the world of computers and communications, the more widely a technology is used, the more likely it is to become the target of hackers.” Mobile malware is on the rise because the large and continually growing smartphone user base—along with an increasingly mobile work force—makes for an enticing target to hackers.

Hackers can compromise mobile devices by embedding malware into mobile apps—often free apps—that users then download and install. Once an app with malware has been installed, hackers can steal private information from the device, install other apps or open “backdoors” on the device, allowing them to take remote control of the device at a later time.

The average smartphone user downloads over 100 applications. Out of 4 million Android applications that were analyzed by the Webroot Threat Research Team, 42% of those applications were malicious, unwanted or suspicious, 14% were untrustworthy, 6% showed moderate risk and only 38% were benign.

Wi-Fi hijacking or Wi-Fi snooping is another threat. Suppose you’re sitting at Panera—or Saint Louis Bread Co. as they call it in Saint Louis—and you decide to check your bank account balance while you’re waiting for your chipotle chicken Panini to be ready. Don’t do it! Hackers can intercept communications between smartphones and unsecured Wi-Fi hotspots, just as they can with desktop or laptop computers. This approach is called a man-in-the-middle attack, because the hacker (middle man) is intercepting everything that you type and transmit before it gets to its intended recipient. This means that a hacker could easily gain access to usernames, passwords and even credit card or confidential company information.

Hackers can also exploit vulnerabilities when Bluetooth connectivity is turned on. For example, “bluebugging” allows a hacker to gain access to another user’s device through Bluetooth and control some of its functions, including making phone calls or sending text messages to premium numbers or eavesdropping on calls made by the user.

How did we get to this state of precarious mobile security?

Researchers from the University of California, Berkeley, Nokia Research Center and Intel Labs published a short paper on smartphones discussed three shifts in mobile device security.

The first shift is the very nature of mobile phones—that is, mobility. Mobile devices can be used in both secure and unsecure environments. For instance, connecting to public Wi-Fi at a hotel or coffee shop is an example of an unsecure network, while connecting to a work or personal network is usually secure. When users connect to an unsecure network, devices are open for attack.

The second shift in security deals with sensors that are installed on mobile devices. Most mobile devices come with location tracking, Bluetooth, RFID and cameras built-in. These standard sensors are a new area for attack.

The final shift is constant connectivity. Mobile devices have constant access to the Internet and other devices, which makes things easier for cyber criminals.

However, your Mobile Learning CAN still be secure.

It’s not all doom and gloom in the m-Learning world. The answer lies in how you deliver your training to your employees’ mobile devices.

You can take measures to protect your corporate data against lost or stolen employee phones. Measures include using GPS to locate the phone’s whereabouts, setting up a custom SMS that displays a “return to user” message on the screen, remotely locking down a phone’s functionality, remotely wiping all data or even initiating a high-pitched device “scream” noise if you believe the phone is lost or stolen.

If you have a secure, accessible corporate network, you can ensure that your employees’ mobile devices can authenticate against it. This allows you to restrict access via your single sign-on to make sure only approved users are accessing company content. You can also restrict access by device context, using the phone’s built-in GPS to ensure employees aren’t logging in offsite or putting in overtime.

Don’t want to have to work out all these security details on your own? Then you need an m-Learning app that does it for you—like CourseMill® Mobile. CourseMill Mobile exceeds all known security requirements in the industry (over-the-air, in-the-cloud, single sign-on security and double encryption), so your learners can safely use their own preferred devices. Plus, it works on Android and iOS devices—online or offline!

Try it yourself with a free trial of CourseMill Mobile.