Since wireless phones have become so inexpensive and easy to use, their use is rapidly rising in corporations. While the phones can deliver alluring productivity benefits, they also can present a new security risk: Corporate assets, such as new products, manufacturing floor layouts, and business plans, are now susceptible to attack.
As a result, corporations are trying to develop new policies that address the dos and don’ts of camera phone usage.
The security risks arising from camera phones are a recent phenomenon. “The rapid acceptance of camera phones caught suppliers, corporations and even analysts like me a bit by surprise,” Neil Strother, a senior industry analyst at In-Stat/MDR, a division of Reed Elsevier, told TechNewsWorld. “We all thought they would be popular, but just not as quickly as they have been.”
The market research firm found that vendors shipped 50 million camera phones worldwide last year, a dramatic increase from the 18.2 million delivered in 2002.
As a result, many corporations were not ready for the deluge of phones. “Corporate security teams have been focused on preventing the next big virus from overrunning their networks and therefore have not been paying much attention to potential security problems stemming from camera phones,” said Peter Lindstrom, Research Director at Spire Security, a market research firm focusing on security issues.
Despite the lack of attention, camera phones present a number of potential problem spots:
In addition to the loss of corporate property, camera phones open companies up to lawsuits from individuals whose privacy may be violated. Photos of the department hottie may be snapped while the person is in the office and then circulated on an intranet or an Internet site, steps that could lead to a sexual harassment suit.
Also, pictures may be taken as individuals get dressed, a problem that has already arisen in a number of health clubs and could also arise in corporate gyms.
As the potential security breaches become clearer, companies are taking steps to address them. “Whenever companies face new security threats, the initial response is to ban the new technology all together,” said In-Stat’s Strother.
So a few firms, ironically including camera phone supplier Samsung Electronics, have taken that step. “In industries, such as pharmaceuticals and financial organizations, companies are [taking] aggressive stances in dealing with camera phones,” Jack Gold, a vice president with IT research firm Meta Group, told TechNewsWorld.
“They have banned other types of cameras and see doing the same with camera phones as just a logical extension of their existing policies.” At a number of firms, security guards collect the devices from employees and visitors when they enter a building and give them back when they leave.
One problem is that so many camera phones are housed in the pockets of employees and guests that comprehensive security checks are difficult to perform. In response, technology is starting to emerge to help companies monitor the presence of camera phones.
Iceberg Systems developed Safe Haven, which combines hardware transmitters with a small piece of control software that is loaded into a camera phone handset. Whenever a handset is taken into a building, the Safe Haven system instructs the phone to deactivate its imaging system. The phones are reactivated when the handset leaves the building.
“The problem with the new camera phone security systems is they only work if vendors incorporate them into their phones,” Gold said. To date, suppliers have not demonstrated much interest in taking that step because it increases their costs. Government agencies may lend a hand; South Korea has been debating whether or not to make such features mandatory for camera phones sold in that country.
Another step is to having corporate IT staffs disable camera features. In a small but growing number of companies, employees receive new cell phones with no picture-taking features. Since this is a labor-intensive operation, large companies have asked their cellular network suppliers to deliver customized camera phones.
Other Security Problems
Companies are also writing policies that outline appropriate and inappropriate use of camera phones.
“If a few employees are fired or convicted of crimes because they used their camera phones inappropriately, then the potential for misuse will dramatically decrease,” In-Stat/MDR’s Strother predicted.
But that would mean a short break rather than a lengthy hiatus for IT security teams.
“Camera phones are just one in a growing number of potential security problems,” Spire Security’s Lindstrom told TechNewsWorld.
“Unfortunately, security risks have been rapidly multiplying as technology has become smaller and more innovative. Once corporations figure out how to best deal with camera phones, there will be plenty of other security issues that they will need to address.”