Apple Insider reports that United Airlines will be equipping 23,000 flight attendants with new iPhone 6+ models, which will allow them to…
- Process customer transactions.
- Access safety manuals.
- Handle company email.
And, yes, they will be using them mid-flight. While flight attendant smartphones might incite jealousy among passengers whose devices are stuck in airplane mode, there's a bigger issue here: data security.
As we wrote in "Higher Tech Security Budgets Predicted for 2015," companies are expected to increase their mobile investments in the next few years. But mobile security still lags far behind. Companies have been buying mobile technology without investing in security programs and training.
With that in mind, let's use United Airlines as an example of the risks your clients could face as they expand their mobile IT.
Understanding Mobile Security: Cyber and Physical Risks
When United Airlines introduces these mobile devices, it will need to have IT security in place to account for digital and physical security. That's because in addition to hacks, phishing schemes, and other digital threats, mobile devices can be lost or stolen.
Before we go over physical security, let's talk about the cyber risks United Airlines will have to account for. UA plans to use these devices to handle customer transactions. When a passenger wants to buy a cocktail during a long flight, the attendant presumably will swipe the customer's credit card through a reader attached to the iPhone.
DarkReading reports that a few years ago, Square's payment reading dongle didn't encrypt data and transmitted credit card information in plaintext into the mobile app. UA will need to find software and hardware that encrypts each transaction. If the app is hacked, UA could be sued (even if they use a third-party app like Square).
UA will also need to ensure employees use their devices securely. As we reported in "2015: More Mobile, More Holes, But Will There Be More IT Sales?" 75 percent of users say their company's mobile security policies are lax. That number is scary, but maybe not surprising. Many employees will simply use a work device as if it were a personal one and use them in non-secure ways.
Device Theft as a Data Security Issue
To understand the risks of mobile theft and physical security – significant issues that UA will need to take into account – it's important to identify which industries are most affected by it.
Workplaces with heavy foot traffic and bustle create an environment conducive to mobile theft. This problem is common at hospitals, where the biggest source of data breaches is the physical theft of laptops, tablets, and mobile devices. In fact, according to HIT Consultant, 68 percent of healthcare data breaches have occurred because of physical theft and loss.
Airports offer similar challenges to companies looking to secure their technology. Attendants will presumably…
- Connect to an unprotected WiFi network as they sit in airport lounges.
- Charge them on wall outlets or public USB terminals.
- Carry devices in bags that are left vulnerable at gates while performing boarding procedures.
In this environment, it's easy to see how a device could be lost or stolen.
With its employees, UA will have to…
- Train them on best data security practices to prevent physical theft and loss.
- Teach them how to use devices securely to avoid phishing emails and other threats that could lead to a company data breach.
UA should be applauded for making a bold move into mobile IT – but only if the company invests in the security that will protect these devices.