co-authored by Dr. Stephen Bryen, Chairman Ziklag Systems
As the Wall Street Journal reports, many people are using two cellphones today -- one for work, the other for pleasure. Mostly they are doing it because they want to keep their personal affairs separate from business, and sometimes because their employer does not want them to use the business-supplied cellphone for anything other than business-related calls, messages and activities. Samsung, in trying to solve the problem, has come out with something called Knox, which is a two-phone system on a single platform. But Knox also does not solve the real problem, maybe even worsening it, because users have to be willing to be unusually disciplined when using the phone.
From a narrow business point of view, having two separate phones (one you pay for yourself, and one I, the Business, pay for) makes sense. It keeps the distinction between business and personal use seemingly clear.
Unfortunately, the line between business and personal is getting less clear on a daily basis. As wireless and mobility tools replace fixed telephone lines and hard-wired computer hookups, people are expected to be available all the time, sometimes approaching the fearsome 24/7.
For the individual this means less time for personal activity. For the business it means more accessibility to employees, "on demand." And business is, for the most part, not paying anything additional for the greater access it has to its people. So mobility has created greater availability and, in employment terms, it is cost effective and a victory for the enterprise pocketbook.
Aside from the impact this has on individuals who are trying to live separately from their jobs, it also has an impact on security. The security rub has implications for the individual and the business.
Mobile devices are increasingly powerful, increasingly connected (today including most of the world), increasingly cheap to operate (even though you might not think so when you get your monthly bill), and increasingly risky.
The risk comes from the weak protection of mobile systems and devices. All of them can be exploited by hackers, competitors and governments, and very easily. Need proof?
Just ask German Chancellor Angela Merkel. She went through five different model smartphones supplied to her by the German secret services and thought to be hardened and secure. NSA hacked the whole lot, one by one.
Now think of Mrs. Merkel as having two smartphones: one for her government work, the other for her personal life. In fact, it is very likely she has two, or even more, phones in her handbag or briefcase. Which one should she use? Which one might she say something indiscreet on, or use to talk to a too-close friend? And all of them give away her location at any moment, not only to NSA or GCHQ in Britain and to other governments (e.g., the Kremlin), but even to a terrorist.
Even if you never switch on a smartphone, it can be a menace. That is because today's spy-bots and malware can be inserted into your phone, and can turn on and record meetings and conversations without you knowing it. Getting malware off your phone is not easy, because it is hard to identify. Many times it looks like a normal program with a name you know, but underneath the normal program the spyware is lurking and working.
When you have a so-called business and personal phone, the risk quickly doubles. That's because, while many businesses try to limit what can be done with business-supplied (or government-supplied) smartphones, your personal phone operates according to how you use it, not how your business wants you to do so. And as many enterprises that want to avoid even greater operating costs rely on Bring Your Own Device (BYOD), the risk grows exponentially, because there is no longer any modicum of management of the smartphones brought into the business space, or used to reach employees who are available in off hours or off campus.
Some businesses may be thinking of banning personal phones, effectively prohibiting BYOD. But this is very hard to enforce, and the incentives are only negative ones. Business and government can, and should, think of offering their employees security systems that can be installed on their personal phones, and in the end this may be the policy that works best.
But we are not there yet, mostly because of the paucity of effective solutions. There is a lot of jabber about this or that anti-virus program, but most of them have not proven capable of protecting a mobile device. Few businesses, therefore, have looked at this solution as satisfactory.
One idea that may gain a lot of interest (full disclosure: it is a product we have developed) is called Office Anti-Spy. It turns off the offending parts of the smartphone in the office environment, making it safe, while not blocking personal phone calls or text messages. This means the user gets even, in a curious way, with the enterprise by being able to stay in touch with family and friends. In effect, it is a reverse compensation for allowing the enterprise (whether business, organizational or government) to call you when you are home, out on a date, or at dinner or the movies. Office Anti-Spy is an out-of-the-box way to solve a menacing problem.
Otherwise there are few ways you can be sure you are not being bugged or spied on. One tip-off worth checking out is whether you find your mobile phone surprisingly warm, or even hot, at times when you really were not using it for much of anything, or even when it has ostensibly been turned "off." If you have a hot phone, you may have a hot problem. Go to your phone provider or your security officer for help.