According to this article on NetworkWorld “smartphones are seen as a more of a security risk than laptops and mobile storage devices.” Apparently some 94% of senior IT staff fear PDAs present a security risk, just above the 88% who highlighted mobile storage devices as a worry.
The problem with the research is that it was conducted with IT staff. In my experience the IT department is the worst of all to rely on for determining what the biggest risks to the business are. And more often than not they are also the department likely to be the most flippant in their attitude to risk.
You’re probably more likely to lose your smartphone by accidentally flushing it down the lavatory than having it stolen by an opportunist intent on stealing any data that’s on it (see David Lacey’s blog on that very subject here). However let’s not lose track of the point that smartphones are yet another extension of our perimeter and need to be managed as such with a decent set of policies and security awareness messages to those carrying them around. In fact my opinion is that they only pose a security risk if companies ignore fundamental rules.
I do not rate the security risk as being greater than for laptops. In fact, if truth be told, in my role as a risk manager, they do not yet feature on my list of business concerns. But I’m open minded on the matter. Perhaps the IT department can give me their view?