Security Issues for Mobile Devices

Note: This year’s CCH Connections: User Conference 2016 features 75 sessions in 7 different tracks. With so much great content, it can be hard to choose which sessions you want to attend. That’s why we’ve invited several presenters to preview some of their ideas in a series of guest posts. This post is by Les Nettleton, Director of Information Technology at Bourgeois Bennett in Louisiana. His session, “Security Issues for Mobile Devices” is available in the Technology track.

Here in New Orleans around Mardi Gras time you’ll hear the term “Laissez les bons temps rouler”, which translates to “Let the good times roll”.  It represents the carefree attitude of those attending the Carnival celebration.   It’s one of those things that makes my city so special.

Unfortunately in this digital age, this carefree attitude takes on a new focus.  Think about it…how many of us are really concerned about technology security?  For most people, it is simply an afterthought,  at least until you are hit with a virus, or suffer an intrusion, or have your data compromised and your identity stolen.  Once you have experienced one of these issues, you become more aware of your technology security and the constant battle you need to be fighting in your attempt to become technologically secure.

I use the word “attempt” because unless you unplug from the Internet, do not share data with others and have high level security at your workplace or home, you can never be totally sure that you are secure.   Security is about risk management.  How many dollars do you have available to budget towards security?  How about resources?  Do you have the right people making the right decisions when it comes to the safety of your data?

Throughout my career I have noticed that technology security goes mainly unaddressed until an event proactively forces the user to start focusing on keeping data safe.  In the non-tech world, this is akin to buying a new house and leaving your doors open until someone breaks-in (or walks in, as you did leave the doors open).  Once the break in occurs, you scramble to put locks on your doors.  The break-in has heightened your sense of vulnerability.

The same sense of fragility of your home’s safety should be applied to your technology security.  You need to be aware of what is dangerous to your data and your identity.  You need to apply processes to keep the “bad guys” out.  I like to consider these processes to be hurdles.  I want to put as many hurdles up as possible to keep my information safe.  However, each hurdle I put up to keep my data safe also makes it a bit more difficult or time consuming on MY side.  Here’s the reality…SECURITY IS INCONVENIENT!

Going back to the open door analogy, if I close my door and put dead bolt locks on it, each time I enter or leave my house I have to unlock/lock my door.  It takes longer than simply leaving the door open.  It is, in a small way, inconvenient.  But my inconvenience has thwarted a possible security breach.

About 15 years ago, mobile devices morphed from being calendars and contact management devices to being full out computers and phones, capable of Internet access as well as making and receiving calls.  We embraced these devices and in a short 15 years, have become amazingly dependent on their functionality.

But how many of us look at our smart phones and think of the security issues associated with them?  What does it take to become more knowledgeable about the risks involved with using a smartphone? Even if you don’t integrate your work information onto your smartphone, you have data and information on your device, which if lost or stolen, could be used against you in identity theft, illegal access to accounts or even a physical break-in of your dwelling.  To prove this point, at a party one evening I borrowed a friend’s phone, which had no lock code on it.  I went through his contacts, calendar, texts and pictures and was easily able to piece together not only his day, but his activities and whereabouts for the next few weeks.  If I were a “bad guy”, I would have known when and where he was going on vacation, the fact that his dad had some tests done at the hospital (from which I could spoof the hospital and call him requesting money for additional tests), and that he had recently purchased a new TV and stereo system.  Knowing about the electronics was good, from the “bad guy’s” perspective, as I knew exactly when to break into his house as he was vacationing that week.

This friendly demonstration of simplistic identity theft opened his eyes as to why it is mandatory to have a pass code to be able to access your device.    I know what a lot of you are thinking…it’s inconvenient to have to enter a pass code each time you use your device.  Yes it is.   Once again, security is inconvenient.

Now let’s look at the fact that more and more businesses allow employees to receive work e-mails on their devices.  If you are like my firm, some of these e-mails contain a client’s demographic information, as well as their Social Security number or EIN.  It’s one thing to have your personal data stolen.  But have you considered the consequences of having a client’s information stolen, especially when the problem can be addressed by putting up some barricades?

During my session at the 2016 CCH User’s Conference, “Security Issues for Mobile Devices” we will address all of these issues and many more.  We will go over the concepts of general digital security and apply those to Mobile Devices.  We will look at what you should be doing and why.  I hope to open your eyes to the pitfalls that exist for everyone who has a mobile device.  And while we can’t assure that we can keep you totally safe, we will discuss how to put up barricades to make your data more secure.  You will leave the session with two game plans, one for your personal data safety and one for your company’s data safety.  And of course, we will have some fun along the way as we explore options that will help you avoid becoming  a victim.

The introduction of Mobile Devices into our workplaces has become the most quickly accepted technology of the computing era.  It has also become the most ignored component of most technology security plans.  Let’s change that together! I hope to see you at one of my two sessions to be held at on Monday, October 24 from 1:20 p.m. to 3:00 p.m. and Tuesday, October 25 from 10:20 a.m. to 12:00 p.m.

See you in D.C. and laissez les bons temps rouler!

CCH Connections 2016 will features seven different tracks, with more than 75 sessions that have been developed exclusively for CPAs to help take you and your firm to the next level. Register Today!


Les Nettleton

Director of Information Technology, Bourgeois Bennett, L.L.C.

All stories by: Les Nettleton

Leave a Reply

Your email address will not be published.