What the iOS vulnerability really means

Written by sreedwilson | February 25, 2014 8:41:38 PM Z

Hopefully by now you have updated all of your iOS devices.  Over the course of the last few days I have discussed this security update with lots of customers and thought I would share my perspective with you.

1) This security flaw basically means that any data that should have been sent securely was susceptible to interception.  It could be harmless data like your calendar information or more meaningful data such as banking data.

2) The update as of now only helps people who are using iPads, iPhones, or iPods.  If you are using a Mac – there is no fix yet.

3) Apple is really not doing a great job of letting people know how serious this is. Given that over 421,000,000 iPhones have been sold since 2008, this is a huge, huge issue.  Microsoft, by comparison, does an excellent job of letting IT professionals know when out-of-band (very serious) patches are released.

4) Almost every SMB has a liberal BYOD (bring your own device) policy and most are unwilling to spend money to control and secure these devices.  This puts their business data at risk for breach (and their business at risk for a lawsuit).

5) This is just the beginning. Just as Windows XP was an extremely popular OS that was used by the masses – so goes the iPhone.  Just as Windows XP was an excellent target for hackers in its early days – so goes the iPhone.

There are ways you can protect yourself and your business from threats like these:

1) You should have language in your employee handbook that addresses employees who connect personal devices to work resources.  We suggest language that says you reserve the right to wipe the device (and its contents) at any time.

2) You should put together a mobile device management strategy for the multitude of devices that employees use to connect to work resources.  A good strategy will allow you to at least pinpoint devices that are out of compliance.  A great strategy will allow you to push updates to connected devices.

3) Use this as an opportunity to discuss security with all of your employees.  You can have the best security systems in the world – but 9 times out of 10 good security starts with good education.

PS: If you are still running Windows XP – think about this: After April 15th Microsoft will no longer be releasing security updates for Windows XP.  So if you fast forward just 2 months and shift this security flaw from iOS to Windows – there would be no coming fix! Get those Windows XP machines upgraded to Windows 7 or Windows 8 ASAP!