In the early 2000s, Apple was charming consumers with iPods and iMacs, but most of the business world still relied on Microsoft’s Windows operating system and favored non-Apple devices. When smartphones entered the scene, the BlackBerry was initially the go-to device for businesspeople, largely because it was designed to be exactly that.
But in 2007, with the introduction of the iPhone, everything changed. Today, according to recent numbers published by technology data monitoring firm comScore, Apple smartphones are the most popular among individuals in the U.S., accounting for 41.6 percent of the market. In business, the numbers are even more significant: 97 percent of Fortune 500 companies use iPhones and 98 percent use iPads, according to data quoted by Apple CEO Tim Cook on a recent investors call.
For IT consultants who offer security guidance, this should be a wake-up call: it’s essential to have a dedicated plan for handling security issues for clients using iOS. Why? Because data security is handled in vastly different ways on Apple’s operating system and on those of its competitors (including Google’s popular Android platform).
(For an in-depth explanation of the differences between iOS and Android security features and options, check out the whitepaper Defending Data on iOS 7, published last month by information security and advisory research firm Securosis.)
From a liability standpoint, the difference in security protocol is a big deal for IT consultants. A limited or inadequate understanding of the latest products and operating system updates can lead to recommendations that expose clients to costly data breaches, which can trigger lawsuits.
iOS Security Consulting: 5 Tips to Reduce Liability Exposure
Whether you’ve been handling security on Apple devices for years or are only now starting to work with Apple products, the following recommendations can help you reduce your liability exposures when advising clients running iOS.
- Be prepared to explain the differences between iOS and Android systems. On a basic level, iOS is a more closed, centrally controlled environment and Android is more democratic, supporting both proprietary and open-source software. In the context of business use, devices running iOS must be managed differently from Android devices because they mostly don’t support third-party antivirus software that runs in the background alongside other apps. This is because certain security measures are built into iOS and apps can’t get into the App Store unless they meet rigorous security standards.
- Educate clients about the costs associated with data breaches. Many business owners assume data breaches are expensive because they cause identity theft. In reality, breaches don’t always lead to identity theft, but because of state and federal laws, they can be costly anyway as businesses pay fines, notify affected customers, pay for credit monitoring, and rebuild security infrastructure following a breach.
- Understand how managed and protected data differ. Any data included in iOS apps is sandboxed, meaning it’s protected, but users can move it freely among apps, meaning it’s not managed. To exert control over how employees can move data among apps (i.e., have managed data), employers must purchase devices themselves and implement data management from the top.
- Know the benefits and drawbacks of bring-your-own-device policies, business-owned devices, and Supervised Mode. BYOD policies are popular among many small-business owners because they save the initial investment in equipment. But they open businesses up to a bevy of liability exposures. (Read more about the risks associated with BYOD policies in our press release BYOD Saves Money but Increases Risk for Small Businesses and our blog post Are BYOD Benefits Worth the Cost?) For Apple products, business-owned devices are controlled by the business and operate in Apple’s Supervised Mode. The smallest businesses will likely prefer BYOD despite its risks, so make sure you can explain to clients how to keep data safe on employee-owned devices (more tips in the blog post Client Education Resources for Fighting Data Breaches).
- Be ready to explain why iOS 7 is the best bet for security. In the Defending Data report linked above, the authors argue that the security updates introduced in iOS 7 are so significant that businesses shouldn’t use devices running older versions. The good news is that, according to iClarified.com, 82% of eligible devices were running iOS 7 by February of this year (it was released last September). If your clients haven’t yet upgraded their operating system, encourage them to do so.
Bonus: 1 Tip for Boosting Revenue through iOS Security Consulting
If you’re familiar with the differences between iOS and Android platforms, it may be worthwhile to expand your services to offer Apple-specific security consultation. Because iPhones and other Apple products are popular among both business owners and individuals, consultants can expand their existing client base and increase the value they offer to current clients by introducing iOS-specific services.
How to get started: Educate both existing clients and prospects about how smartphones can provide an access point for sensitive company information. Once they understand the risks presented by using an iPhone or iPad to access business data, they’ll see the value in your security consulting services.
Other Ways to Manage Liability Exposure
Of course, even the most diligent IT consultants and security professionals will encounter situations where a client fails to follow advice or suffers a data breach despite implementing security measures.
When such an incident happens and leads to financial loss on the client’s part, IT consultants can protect their revenue with Errors & Omissions Insurance, which pays for the costs of lawsuits over their advice or services.