Smartphone Information Security Risks: Portable Devices and Workforce Mobility
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Today’s world is characterised by a heavy dependence on information technology and technological devices to perform even the simplest of tasks. While this in itself is not a bad thing, our over dependence and neglect has put us in a situation where the confidentiality, integrity and availability of our information resources are continuously being questioned. ENISA (2010) report that in the third quarter of 2010 eighty million Smartphones were sold worldwide, with the UK, Germany, France, Spain, and Italy reporting a sixty million increment in the number of smartphone users. Reardon (2007) additionally predicted that between 2007 and 2012 there was going to be a 30% year-on-year growth in the sale of smartphones. The improvement of smartphones together with its rapidly decreasing unit price has placed smartphones within the reach of all employees. Due to the mobile nature of the device, it has brought challenges to the information security needs of organizations. As the sale of smartphone continue to increase so does the number of vulnerabilities on mobile operating systems. Knowing where to place the smartphone is of prime importance in this study. Is it just a socio-technical tool for private use or it must be extended to be used as a working tool? If so, how should it be used to limit the exposure of organizational information? The study makes use of interviews in finding out what users of the device think about the device and how secure they think their device is. The interviews also tries to find out how securely the users have configured their devices, their mobility rate and what policies have been put in place to help guide users of the device while using the device. Findings from this study indicate that smartphone threats are diverse, complicated and smart. As the price of the smartphone reduces and their functionality improves, the number of its users increases. This makes it a target for hackers and malware as they can exploit the device to gain personal and organizational data. In spite of this, the perception of users on the risks of using a smartphone for work is not as high as can be. Users still think that if only the phone is used for making and receiving calls, reading and replying to emails and checking calendar schedules, then there is nothing much to protect. In reality this is not the case. Smartphones have a lot more going on them than just the aforementioned. Users must be educated on the reality of the matter and be made aware of the current risks there are so as to increase their consciousness on this matter. Finally, the discussion in this study sheds some light on the challenges that mobility and smartphone usage for work pose to organizational information security. The choice of a counter measure depends on factors such as what kind of data the organization produces as well as what kind of usage patterns employees have. There is no one size fit all counter measure that can be implemented. Organizations must realize this and embark on the best solutions that are suitable for their organization. To get the best counter measures in place, organizations are advised to make their own risk assessments and weigh the risks against the potential benefits in their own specific cases.
Place, publisher, year, edition, pages
2013. , 104 p.
Technology, mobile work,mobile workforce,strategy,socio-technical perspective,mobile work, mobile workforce, strategy, socio-technical Perspective, Mobile work, organizational culture, socio-technical perspective, wireless technology, Information security, Organizational performance, Organizational capabilities,organizational culture,socio-technical perspective ,wireless technology,information security,organizational performance,organizational capabilities
IdentifiersURN: urn:nbn:se:ltu:diva-46425Local ID: 410c65d6-a9e1-4aa2-9699-d2341544680cOAI: oai:DiVA.org:ltu-46425DiVA: diva2:1019739
Subject / course
Student thesis, at least 30 credits
Information Security, master's level
Validerat; 20130827 (global_studentproject_submitter)2016-10-042016-10-04Bibliographically approved