Forty per cent of businesses feel they do not secure
handheld devices to the level they secure laptops, according to new
research from Orange and the analyst house Quocirca, which surveyed
2,853 IT professionals. As increasingly powerful handheld devices
store more critical data, businesses are leaving themselves open to
a new source of security risk, the research argues.
“We found that increasing numbers of PDAs and advanced mobile
phones are being used in business, but the measures organisations
take to secure the data stored and accessed by these devices are
often inadequate. The issue is compounded by the insufficient
levels of technical support and training given to users,” said Rob
Bamforth, Principal Analyst, Quocirca.
The research shows that IT managers acknowledge the threat. They
have more concern over loss, damage and unauthorised use of devices
compared to security risk at a network level, as the highly mobile
nature of handheld devices makes them easier to lose or steal. Yet,
usually due to the lack of centralised management, mobile devices
are often unprotected. Conversely, as service providers embrace
encryption technology and virtual private networks (VPNs), the
majority of security concerns are less related to technology and
more to human factors.
“Security in mobile working has now evolved to a point where all
the risks are manageable - it should not be an impediment to
adoption. To properly address concerns regarding mobile security,
businesses must embrace mobile technology and proactively manage
security as it does with other parts of IT infrastructure. It is
disturbing to think that the vast majority of mobile device users
have not even guarded against unauthorised access by applying a
straightforward password,” said Clive Richardson, head of product
development, Orange Business Solutions.
Orange customer Coventry University Enterprises Ltd takes
security very seriously. All laptops are connected to the central
system via a virtual private network (VPN). Cisco’s firewall
technology is deployed and encryption used for sending data from
laptops. The C500s used by employees have 128-bit secure socket
layer encryption and a secure password policy has been rolled out
for accessing data from mobile devices. All mobile workers are
fully trained, and have a formal mobile working policy to adhere
to.
Security requirements are as individual as companies, but there
are some common guidelines that companies can follow. These include
setting parameters on what information can be stored, accessed and
transferred by mobile devices, frequently backing up devices and
ensuring strong user and device authentication for all mobile
devices. Orange smartphone devices, which include the SPV C500, SPV
M1000, SPV M2000 and the Treo 650, all come with back up and
authentication functions. In addition, the Orange network has been
awarded the BS7799 security accreditation, the most widely
recognised security standard in the world.
Further Information can be found on the Orange website at
www.orange.co.uk.