Do You Have A Mobile Security Policy?

Without one – firmly enforced – your security perimeter is just a series of holes. Here’s a guide to tightening policy.


How to Help Your Business Become an AI Early Adopter


(Page 1 of 2)

It’s a problem so pervasive that some IT managers have started calling it the “After-Christmas Syndrome”: every January and February, workers who received new gadgets flood IT departments with requests for network access.

Unfortunately, a surprisingly high number of companies don’t have policies in place for dealing with personal mobile devices. And an even higher number lack an effective way to enforce the policies they have. Believing it’s “better to ask forgiveness than permission,” some employees disregard corporate mobility policies and find rogue workarounds that let them use the hottest new handhelds.

While personal devices can greatly increase productivity, they also increase the potential for security breaches.

Counting the Cost of Mobility

As laptops, PDAs, and smartphones become smaller and smaller, they also become easier to lose. In a recent survey by The Ponemon Institute, 81 percent of US companies reported losing at least one laptop containing sensitive data in the previous 12 months. And according to the Privacy Rights Clearinghouse, more than 100 million individual records containing private information have been involved in security breaches in the past two years.

Related Articles
The Many Myths of Endpoint Security

IT, Security and the Legalese of Compliance

Restoring Online Privacy

Security Flaw Could Ground Wi-Fi Users

FREE IT Management Newsletters

The cost of those security breaches is high and rising. The Ponemon Institute found that in 2006, data breaches cost an average of $182 per record, up a full 31 percent from 2005. A separate Symantec survey found that the average corporate laptop contains $972,000 worth of data.

But losing sensitive data contained on mobile devices isn’t the only potential risk. Failing to secure wireless gadgets may place some companies in violation of regulatory requirements like GLBA, SOX, or HIPAA. This lack of compliance puts them at risk for fines or other government actions.

“The fact that security legislation does not specifically mention mobile devices should not be considered evidence that mobile devices are somehow exempt from the law;” a PointSec Mobile Technologies white paper urges. “Instead, it should be emphasized that from the legal standpoint, securing mobile devices is just as critical as securing a supercomputer.” Even if a smartphone or PDA doesn’t hold any sensitive data, it may be used as a key giving criminals access to the entire corporate network. In fact, improperly secured Bluetooth devices may compromise the corporate network just by being used in a public place.

The threat from viruses, spam, and other malware specifically targeting mobile devices is also growing. According to McAfee AVERT Labs, during just one year, the threat to mobile devices grew 10 times as fast as the threat to traditional PCs.

Who Needs a Policy?

Given the size of the problem, you might expect every company in America to have a formal mobile security policy—but that isn’t the case.

“I’m constantly surprised by how many IT executives have not considered mobile security in their overall security plan,” says Bob Egner, marketing VP for PointSec.

In fact, in a study by the Business Performance Management Forum, 40 percent of companies surveyed had no formal mobile security policy, despite the fact that 80 percent of companies planned to increase their use of mobile devices in the coming year. The problem was particularly significant for smaller enterprises: nearly 68 percent of those with revenues less than $100 million did not have a formal policy.

However, those numbers may be changing soon. A recent Forrester report found that all but 16 percent of companies surveyed planned to consider mobile and wireless strategy and policies in the coming year.

Page 1 of 2

1 2
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.