Questions surrounding the security of mobile computing devices (laptops, PDAs, smartphones) continue to be a top concern for businesses looking to deploy these technologies for streamlining efficiencies. There is good reason for this apprehension. Even the smallest smartphones today come equipped with 128 MB of onboard storage and high-speed Wi-Fi chips capable of downloading data from a corporate network. Furthermore, over the past few years, the public has been bombarded with tales of how sensitive personal and corporate information has fallen into the wrong hands as a result of stolen laptops or other mobile devices. For example, in late 2007, a laptop was stolen that contained the names, Social Security numbers, and other personal information of more than 800,000 people who applied for work at Gap, Old Navy, and Banana Republic stores. Paris Hilton even alerted us to the security risks of mobile devices when her smartphone was hacked into, giving a teenager access to her personal e-mails, photos, and celebrity phone numbers.
Now, I would bet that most businesses have more sophisticated mobile device security measures in place than Paris Hilton — but then again, maybe they don't. According to a report entitled "Comply On The Fly" by the Business Performance Management Forum (BPMF), 40% of enterprises do not yet have mobile device security policies in place. This number is alarming to me, considering that the threat of corporate data loss doesn't lie only with C-level mobile executives, but with every mobile device that is deployed to field service workers and mobile sales professionals as well. Maybe it's time you took a harder look at your own mobile security measures to ensure your business can keep from becoming the next headline.
A Path To Mobile Security
Fortunately, there are security measures your organization can take to safeguard its mobile devices and address wireless vulnerabilities. A few of these steps include:
Establish a mobile security policy — Conduct a thorough vulnerability assessment to identify all your mobile assets and risks. Use the results of this assessment to define an acceptable use policy for mobile devices that coincides with policies regarding desktop and server use. Furthermore, train your employees to understand what constitutes appropriate and inappropriate use of a mobile device and the consequences of failing to comply with the policy. Finally, require each employee who carries a mobile device to sign a security agreement that verifies they understand the terms of the policy.
Enforce password use — At a minimum, ensure that your mobile employees use the power-on PIN or password feature that is standard on most mobile devices.
Encrypt sensitive data — Users should be prohibited from storing certain types of data on the device (e.g. credit card, bank account, or Social Security numbers). When sensitive information must be stored, data encryption products should be used to reduce the risk if the mobile device is lost, stolen, or hacked.
Track your mobile devices — Gartner estimates that the cost of each unrecovered smartphone or PDA is $2,500 because of the proprietary data it contains. Gartner also forecasts that larger enterprises or companies with large field organizations can save $300,000 to $500,000 each year by tagging and tracking these mobile devices with RFID (radio frequency identification) or other asset management technologies. This ROI should be reason enough to consider a mobile device tracking strategy.