What are the biggest mobile device security threats?

With the rise of mobile devices in business, IT departments also need to reassess the risks involved. Mobile device security threats are evolving, with new hazards apparent every day and new measures IT must take to address them. Four IT professionals offer their insight about the biggest mobile device security threats today.

Tim Riegler
systems engineering manager, Cherry Health

The biggest mobile security risk we have today is rooted devices: iPhones, Android phones. Once you do that, there is no guarantee of a secure ecosystem, specifically around Apple devices. But even with the stuff like Samsung Knox, once you root [the device], then you can get around the Knox stuff. Now you are looking at a personal device used for corporate, or a corporate-owned device, that is [not secure].

Kevin Beaver
information security consultant, Principle Logic

Kevin Beaver

Shadow IT is creating problems. IT and security are basically out of the loop, and unfortunately users are making their own decisions. You need to set users' expectations properly so that they are not having to make security decisions.

From a purely technical perspective, [the biggest risk is] the lack of data encryption on mobile devices. There are some newer Android phones and iOS phones that encrypt data by default, but the older systems don't.

Melanie Seekins
chair of the Credentialed Mobile Device Security Professionals organization

Melanie Seekins

The biggest risk is the lack of people updating their devices when new operating systems come out. When they do that, they not only compromise company data, but they compromise their own data. Apple implemented an auto-update for applications, which helps you plug security holes. If your note-taking application suddenly has a security bug, with you not having those updates turned on, you are not getting the latest software patch.

Matt Kosht
IT manager, utility company

Matt Kosht

Loss of data is the biggest security risk to mobile -- in fact, any endpoint. If you have employees bringing in their devices to work and joining the network, then what kind of paths do those devices have to the data center? To me, the devices aren't that special -- yes, they cost money, and if they get lost or stolen, that's a loss -- but the biggest risk here is that the data is compromised.