Mobile is a top threat to business but security is lagging, says Sophos

Mobile devices are one of the biggest security threats and challenges to organisations, says security firm Sophos.

Mobile devices are one of the biggest security threats and challenges to organisations, says security firm Sophos.

"The mobile security market is behind where it needs to be," according to James Lyne, director of technology strategy at Sophos.

Mobile security is on the risk register of many chief information security officers, he says, but the security market's ability to service their needs is currently limited.

Given that security suppliers need to do some rapid development to fill the gap, it is imperative that businesses take care of security basics, Lyne told Computer Weekly.

This includes implementing complex passwords and ensuring data encryption capabilities are turned on and used.

Research commissioned by Sophos shows that while 50% of more than 1,000 respondents do not feel confident that data would be secure if their mobile devices were lost, 30% said their company does not have a security policy in place to protect information on personal devices used for work purposes.

Lyne says it is important for all organisations using mobile devices to have a security policy in place and to have the means to ensure that all users and devices are compliant.

"Mobile data communications present a significant business opportunity, but it can also be a threat unless managed properly," he says.

When fully fledged mobile security products become available in late 2011 and early 2012, Lyne says it will provide organisations with an opportunity to throw out legacy architectures, start afresh, and apply lessons learned.

"Most IT security has been about Microsoft in the past, but now there are many more operating systems in corporate environments on mobile devices that need the same kind of protection," he says.

IT security policies need to be focused on strengthening an organisation's defences on the proliferation of operating platforms used by employees.

This can be achieved in the short term through better web security and patch management, as well as application, device and access control, says Lyne.

Smartphones: Computer Weekly Buyer's Guide

Cisco announces new tools for securing the mobile enterprise

CESG approves BlackBerry Enterprise Solution for 'restricted' government information

Read more on IT risk management