How to Protect Your Smartphone

IT departments can lock down corporate-owned smartphones so that employees can't install anything on them or browse to random Websites. Securing employee-owned smartphones is obviously a lot more difficult. Johnson says companies need to emphasize awareness and make employees understand security risks. He also recommends mobile device management systems that restrict certain user activity.

One such mobile device management solution for "Bring Your Own Device" environments comes from Good Technology. Good Technology offers an application that smartphone owners can install on their devices, says Johnson. The software serves as a container for work-related activity on the phone. It basically separates the corporate work from the rest of the phone, says Johnson.

When an employee is ready to get onto the corporate network to check email or product inventory, for example, he simply launches the Good application, which prompts him to authenticate. "Everything that happens inside that app is segmented from the rest of the phone," says Johnson. "As the app is running, everything is there in memory. When you close the app, it saves everything else to a file that is encrypted. Attackers can't get to it. So if a drive-by download attacks a phone, it can't access any of the corporate stuff. It doesn't protect the device; it protects a company from an infected device."

The drawback to the Good Technology application, says Johnson, is that the user interface is different from the rest of the phone. "If you're used to the way Android does mail, the Good mail client works differently. It doesn't have the same feature set. A lot of users complain about that," he adds. "But if it's the difference between complaints from users and safety from drive-by downloads, then Good wins."