Companies risk losing sensitive data and documents
because they are failing to secure the Blackberry devices and
mobile phones used by their workforce, a mobile telecoms provider
warned this week.
Businesses are neglecting to take even the simplest security
precautions, such as using passwords to protect access to corporate
e-mails if staff lose their handheld devices, according to telco
Orange, which commissioned a survey of 2,650 organisations by
analyst firm Quocirca.
The survey found that 40% of businesses did not apply the same
degree of security to handheld devices as they did to laptop
computers.
Yet nearly 70% of those surveyed said that data falling into the
wrong hands through the theft or loss of mobile devices was their
most important mobile security concern, ranking above unauthorised
network access.
“Increasing numbers of PDAs and advanced mobile phones are being
used in business but the measures organisations take to secure the
data stored and accessed by these devices is often inadequate,”
said Rob Bamford, principal analyst at Quocirca.
The problem is becoming increasingly acute as more firms issue
their staff with smartphones capable of accessing the corporate
network to retrieve e-mails.
Handheld devices are often purchased by departments responsible
for buying mobile phones, rather than the IT department. As a
result, handheld devices often fall outside company security
policies, according to Clive Richardson, product director at Orange
Business Solutions.
“It is very common in the laptop area to have strong security,
but it's less common to have policies for handheld devices," he
said. "Yet the high-end devices have the power of PCs a couple of
years ago."
Quocirca advises businesses to invest in remote deactivation
services, which can automatically delete the contents of a mobile
device’s memory if it is lost or stolen.
Businesses will also need to take steps to protect their mobile
devices from viruses, as mobile phone viruses become more
common.
Orange said it was working on technology that would let
companies automatically distribute anti-virus software to multiple
devices. Mobile phone makers are developing digital certificates to
authenticate software downloaded onto mobile phones and prevent
viruses from running.
Bamford advised companies to make sure they had security
policies in place for staff using mobile devices – and enforced
them.
“It's making sure that everyone understands, right from the top
of the organisation to the bottom," said Bamford. "Everyone has a
responsibility for security. The more mobile a device is, the
easier it is to be careless with it or lose it."
* Coventry University Enterprises is rolling out smartphones to
60 of its staff so they can access e-mails and diaries on the
move.
The organisation said it was using a range of measures to secure
them, including blocking e-mail attachments, encrypting data and
insisting on staff using passwords.
Top tips for secure smartphones and PDAs
1 Establish policy
Start with a business
policy for mobile access, which feeds into a narrower IT policy to
ensure decisions are aligned to business needs rather than the
technology du jour.
2 Support policy and processes with
technology
Automated backup and data synchronisation reduces the need for user
intervention and the possibility for errors.
3 Build on experience
Policy and processes need to adapt to changing technology, threats
and usage patterns of mobile working.
4 Communicate
Policy must be understood from top to bottom of the organisation
and implemented as business processes.
5 Protect the device
Anti-virus, firewall
and VPN software usage should not be left to users, but provided as
a corporate resource, installed on every suitable mobile device and
updated regularly and automatically.
6 Single point of support
Users need a simple method of getting help or advice in the event
of a problem.
7 Asset tracking
Log corporate assets given to employees in an asset register,
update the register whenever loss, theft or upgrades occur or an
asset-holding employee leaves.
8 Amnesty
If unofficial usage is already
rife, offer an "amnesty" with guidelines for what devices are
acceptable, and how they can be brought into the corporate fold,
rather than simply imposing an outright ban.
9 Keep a sense of perspective
Total security and control of mobile technology is impractical and
potentially smothers the productivity gains hoped for. Be pragmatic
and weigh up the advantages against the risks and costs.
Source: Quocirca and Orange Business
Solutions.