An IT Manager's Insight into Mobile Security

MOBILE security is a hot issue, but who's listening? Who really cares? The mere mention of security sends most people running. Investing in preventative IT security has never been a very popular topic. Most board directors clam up and switch off at the words "Your Company could be at risk if you don't invest in XYZ technology". It's a hard sell for IT managers and it often takes a competitor, or indeed themselves, to become a victim of crime before they sit up and listen.Users too are very lazy and complacent when it comes to IT security. They don't value the information they carry around with them, and most are just too busy to worry about anything that might further complicate their lives. This was made very clear in a Mobile Usage Survey conducted by Infosecurity and Pointsec. It found that a third of users don't bother protecting their mobile devices with passwords, even though they store highly confidential company and personal information on them, including all their other passwords, PIN numbers and bank details.Who's got what information where?Surprised by these figures? I doubt it! If you're an IT manager you'll have been there. Infact your users will have probably lost more laptops than you can remember. Surveys show that any large organisation loses between 3-5% of their laptops every year. Relaying laptop theft stories is almost as commonplace as people boasting about how much their houses have shot up in price over the last two years.However, with an increasingly mobile workforce, often using privately bought mobile devices, companies and their IT departments have to take greater notice of who is carrying what around with them, and take account of the damage that could be caused if this information was lost and broadcast to the outside world.It was fine when company information just resided on office-located PCs and servers. The IT departments had far greater control over the stored information. Nowadays, private and sensitive data is being carried out of the office, left in bars or restaurants, in the backs of taxis or trains and, most commonly, forgotten in airports. The IT manager's job is a nightmare!Insuring against hardware theft is rapidly becoming pointless and expensive, and few companies bother to take out policies because the premiums are so high. Plus companies are now realising that the true cost of a stolen item of hardware is not the device itself, but the information it contains. No company is without laptops, PDAs or smart phones these days, so if you don't want your company to become another statistic, or victim of data theft, I invite you to follow six Golden Rules (see sidebar).Nothing in life can be guaranteed, but these rules go a long way to establishing some peace of mind for the IT manager. When you take such steps to protect your organisation's essential information, it offers some assurance that, when you read that thousands of mobile devices are lost or stolen this year, with embarrassing and expensive consequences, chances are that yours won't be among them.6 GOLDEN RULES FOR MOBILE SECURITY1. Implement a Mobile Use Policy, or ensure that your corporate IT security policy has specific provision for mobile devices. Update it whenever you adopt new hardware categories, such as combined PDA/phones. The information that needs to be protected is the same. These are just different ways of storing it.2. Take the responsibility of IT security away from the end-user and manage and deploy it centrally. Work on the premise that nobody can be trusted to safeguard their device. Wake up to the fact that they are just not interested in security. …