It seems everyone is concerned about protecting their privacy and security on mobile devices. Indeed, according to a recent survey by KPMG International, The Converged Lifestyle, 90 percent of consumers are worried about the threat of unauthorized parties accessing their personally identifiable information through their mobile device.
Executives are also worried; and justifiably so. Given the recent litany of highly-publicized – and in some cases financially damaging – corporate security breaches, many executives have started to fret about the potential security risks that mobile may bring to their businesses.
And while this high level of paranoia and concern may simply be dismissed as the natural birth pangs of any new technology, the threat and risk must be taken seriously. Those that manage the risk well will find that this mobile revolution actually leads to greater security and privacy protection, while simultaneously delivering opportunities to engage with clients and customers in exciting new ways.
There is some truth to the idea that mobile – currently – is somewhat riskier than some other forms of technology or payment. In fact, some of the most compelling benefits of mobile also act as a double-edged sword. Their small size and compact design, while a key feature for consumers, also means that mobiles frequently end up lost in the back of cabs and other public places. Their small user interfaces and tiny keypads – central to their convenience – also tends to lead users to use shorter and often less secure passwords. And as more and more of our activities start to be enabled by mobile, so too will the amount of personal data that must be kept secure on our devices.
And the simple truth is that things are only likely to get more complicated as more and more devices come onto the market alongside an avalanche of new apps and functions. Each will open mobile up to weaknesses that can potentially be exploited by the nefarious.
But, taken in balance, it would seem that the potential security and privacy attributes of mobile may – in the long-term – far outweigh the risks. Already, many forms of mobile payments have become more secure than cash or checks. A lost wallet, for example, would require the estranged owner to cancel all credit and identity cards and essentially kiss any of the cash in the wallet goodbye. A lost mobile, on the other hand, can quickly and remotely be wiped clean and the data swiftly migrated to a new device – with money and identity intact.
New approaches to mobile security are now starting to emerge, many using the unique characteristics of mobile devices to reinforce and strengthen protocols. By using the geo-location feature of a cell phone when faced with a suspicious transaction, card companies can surmise – with a relatively high level of confidence – whether the cardholder was, in fact, present at the transaction. It’s not too far a leap to prophesize the introduction of biometric authorization using the device’s camera, or any number of new approaches that turn science-fiction into reality.
Rather than let security and privacy concerns paralyze the development of a mobile strategy, business executives must instead embrace mobile and – by carefully considering its inherent risks and opportunities – work to develop a sound strategy that reduces risk and safeguards data. And while security approaches will be different from company to company, there are a number of common considerations that may universally apply.
The bottom line is that executives have every right to be wary of the security and privacy risks involved in mobile, but not to the detriment of their mobile strategies. Indeed, those that are able to manage and mitigate the risks while pushing forward with mobile innovation will almost certainly find themselves poised to dominate in this new market.
By Stephen Bonner, Partner, Information Protection and Business Resilience, KPMG in the UK