Express Computer has a nice article on the growing security issues enterprises face as an increasing number of employees store company data on mobile devices.
The article quotes a survey which found that almost 30% of users store their PINs, passwords and other critical information on their handheld devices without enabling the basic security features present on the system. Information such as customer contacts, e-mail details, passwords and bank account details, as well as private matters, is being stored on devices without much consideration for security.
As a result, a lost PDA or smartphone with no protection makes corporate information easy pickings for thieves, hackers or competitors. This could have an impact on customer confidence and damage a company’s reputation.
A few tips on mobile security for CIOs
- Create a mobile device security policy specifically for handheld devices.
- Start an awareness programme to make the new policy known within the organisation.
- All security settings should be maintained and controlled centrally.
- Deploy Enforceable Mandatory Access Control on all devices as the first line of defence.
- Purchase PDAs for employees; never allow users to connect their personal devices to the company network.
- Standardise on a few brands of devices, and support only a few mobile operating systems.
- Use Password/PIN standards.
- Consider automatic and user-transparent encryption of all data on mobile devices and removable media.
- Track and label devices; treat mobile devices like desktops and laptops, labelling them and keeping records.
- Treat wireless like the Internet. Use a VPN on top of WEP to connect to the internal network.
Another important aspect is protecting information in transit against sniffing and spoofing.
The transmission of data from handheld devices to the corporate network, either using the corporate Wi-Fi network or a third-party network, should be encrypted using strong algorithms. For example, the transfer of mail in most smartphones is encrypted at the application layer between clients installed on the mobile devices and the server. Therefore, the