Offering the flexibility of online education and support for military students.
Every day, talented individuals are proving it's never too late to think about the future.
Learn more about becoming an international student at US-based and accredited Kaplan University.
Learn about transferring your previously earned college credits to Kaplan University.
We have partnered with many employers and educational institutions to provide their employees and students with education opportunities.
Corporate and Academic Partners
Kaplan University is dedicated to the support, engagement, and involvement of our graduates.
Resources for current Kaplan University students.
We have 15 ground locations across the country. Explore our locations to see if we're in your neighborhood.
Learning Center Experience
By Rhonda G. Chicone Faculty, Kaplan UniversityPublished April 2016
It goes without
saying that a company can benefit from employees using mobile devices. Think
about how productive you are using your Android based smartphone or your
iPhone. We’ve integrated these devices into our personal and our work lives. I’m
going to discuss the workplace in this article however, much of what I talk
about applies to your personal data, too.
How many of you are
accessing company owned data from your smartphone? You might ask what is
company owned data? It could be a PowerPoint presentation that has
confidential information on it or simply an email conversation using your
company’s email system. How is the company owned data being managed and secured?
In some cases, a company may use what is called an Enterprise Mobility
Management (EMM) or as it was previously known, a Mobile Device Management
(MDM) system. In most cases you’d know if your company was using an EMM system
as you would have received (or have access to) setup instructions from the IT
Some of the well-known EMM1 players are MobileIron, IBM’s
MaaS360 (IBM acquired Maas360 in 2013), VMWare’s AirWatch (VMWare acquired AirWatch
in 2014), or Good (BlackBerry acquired Good in 2015) just to name a few. Or
maybe you have received no instructions on how to use your personally owned
device (BYOD) in the workplace? If that is the case, your company is taking a
huge risk. Remember that mobile devices are small. Due to size, these devices
can easily be lost or stolen. That is a huge problem considering these devices
have a massive amount of storage space that contains a lot of data. The types
of data stored on these devices could be in the form of apps, cookies, text
messages, audio files, video files, pictures, email, etc.
EMM systems come at a
price, and just like any other system, they are not perfect. But, they are
better than using nothing at all. They help reduce the risk of data compromise.
So, let us assume you are not using an EMM system. Also, we will assume that
the corporate data in question is email, calendar, and contacts.
Many years ago
Microsoft came up with a protocol called ActiveSync. Most popular email
systems, besides Microsoft Exchange, use ActiveSync for mobile email access and
communications. For example, Google’s Gmail uses ActiveSync. As some of you may
know, it is relatively easy to setup your smartphone to access Gmail email. ActiveSync
also has some mobile device security policies. The problem is that some are
Now, I briefly want
to define a term that many of you may have heard. It is called malware. Malware
is simply software that has intent of causing harm. Now, malware comes in many
forms. It can be an app you installed on your mobile device or could be part of
the device operating system (O/S) manipulated in a clever way to cause harm. So,
let’s get back to ActiveSync and our Gmail example. There are four mobile
malware that are hitting ActiveSync only mobile devices2. Sadly, as
a user, you may not know your device has been compromised until your data
(remember the company data we talked about?) has been hacked.
Stagefright likes to
target Android based devices. It exploits a vulnerability that exists in the
Android media library (part of the O/S). What happens is you will receive a
multimedia message (like a picture or video) and immediately the message is
downloaded and infects the device through the multimedia preview function.
Stagefright can hijack your camera or microphone not to mention steal data off of
the device. One very important thing to note, you do not have to click a link. It happens as soon as the MMS is
likes to target iOS (iPhone/iPad) devices. It doesn’t matter if your iOS device
is jailbroken or not. YiSpecter goes after outdated Application Programming
Interfaces (APIs). Apple tries hard to flag applications that use the outdated
API’s during their vetting process but sometimes Apple missing them. Moreover,
YiSpecter can spread in three ways: through a worm on Windows that infects the
device when pairing, through Internet Service Providers (ISPs), and through
installation that is offline. YiSpecter’s mission is to harvest user data.
targets iOS devices. iOS devices that have been jailbroken. Keyraider likes to
gather up all of your usernames, passwords, security certificates, and even
your private encryption keys.
YiSpecter, attacks iOS devices that are jailbroken or not. It likes to infect
thousands of apps that made it through Apple’s vetting process and are
published on the Apple App Store. Apps are accidently infected by XcodeGhost
when software developers use Apple’s development tools to create apps. The
developer unknowingly is hiding malware in their apps. XcodeGhost can do just
about anything like fake password prompts, steal credentials, and allow remote
command and control.
Did I scare you? I
didn’t mean to. I just want you to be aware. ActiveSync comes free with Gmail
(and with other email systems) and it is an easy way to get your corporate (and
personal) email up and running quickly. But, it also leaves a company open to
mobile malware attacks on iOS and Android based mobile devices. A company has
to ask themselves if they want to take the risk.
My recommendation is
to test drive one of the EMM systems mentioned above. They all offer a free
trial. Let me define risk for you. Risk = Vulnerability x Threat x Asset Value.
Give leadership a few asset values and then tell them about mobile malware
threats. They may just get it and invest in an EMM system to protect their
digital assets. Until then, don’t forget to use common sense. Have your
employees become human firewalls by educating them. Make them adhere to mobile
device security best practices like strong passwords, access and save sensitive
information to a device only if it is a necessity, encrypt data (at rest and in
motion) whenever possible (Google can show you how), apply O/S updates, never
connect to an unsecure network and regularly backup important data locally
(that doesn’t mean on Google Drive or Dropbox).
I’ll also leave you
with this, when we think of a device, many of us think of a smartphone. Don’t
forget there are other mobile devices. How about USB drives, micro SD cards,
and the Internet of Things devices? When you select an EMM system to use (and I
recommend that you do), have them show you their product roadmap.
Gartner. “Magic Quadrant for Enterprise
Mobile Management Suites.” Feb, 15, 2016. https://www.gartner.com/doc/reprints?id=1-2HIRGA6&ct=150609&st=sb
MobleIron. “Mobile malware hits ActiveSync-only devices.” Feb. 10, 2016.
Xiao, Claud. “YiSpecter:First iOS Malware that Attacks Non-jailbroken Devices
by Abusing Private API’s.” Feb. 20, 2016. https://www.appvigil.co/blog/2016/01/yispecter-first-ios-malware-to-attack-both-non-jailbroken-and-jailbroken-ios-devices/
Rhonda G. Chicone is a faculty member at Kaplan University. The views expressed in this article are solely those of the authors and do not represent the view of Kaplan University.
KU Facebook Page
KU Twitter Page
KU YouTube Channel
KU Google+ Page
KU LinkedIn Page
KU Pinterest Page
KU Instagram Page
Registered User Login
Student Consumer Information
LEARNING AT KAPLAN UNIVERSITY