Companies should take immediate concrete steps to ensure that the valuable data that users interact with is not lost or stolen when beyond the bounds of the corporate campus. Losing a device is inconvenient, but losing $1 million worth (or more) of company data is the real penalty companies pay in lost or stolen devices. First steps to prevention include building a viable mobile security policy that incorporates best practices for handling mobile users' data needs and device selection, as well as connectivity
Requires Free Membership to View
options (e.g., VPN) and, importantly, on-device security (e.g., firewalling, Anti Virus, data file encryption and tracking). This last piece is the one that companies forget most often.
A mobile security policy must also set concrete guidelines for users, and these guidelines must be clearly communicated to the end users (something few companies do well). One of the highest risk factors mobile users present to a company is not knowing the proper way to protect company sensitive data (e.g., not moving sensitive data to easily lost, unprotected flash drives or syncing with unsecured PDAs). Make sure they know what is expected, and the vast majority of users will help secure the information. User knowledge and training is the No. 1 defense against mobile data insecurity.
Next, deploy mobile management and security suites available from a number of vendors (e.g., Credant, PointSec, Sybase Afaria). Companies should also deploy firewalling/AV suites (e.g., Symantec, McAfee, iPass, Fibrelink, Columbitech, F-Secure, NetMotion) to each device, especially the newer breed of smartphone devices, many of which have the power and storage capability of a PC of only three or four years ago. Most companies overlook protecting these devices, leaving them with a major exposure. Finally, review and modify the security policy as necessary, taking into account the newest devices deployed and the latest revision of business needs, to help users stay productive. Staying flexible and up to date is key to maintaining a high level of security and compliance, especially in those industries where government regulations are in place (e.g., healthcare, financial institutions, and government).
Mobile security is a moving target, as new devices, and the threats they pose, appear regularly. Yet with a little planning and foresight, companies can proactively prevent many of the security compromises so often seen today. Do the right thing by security, and save your company a potentially damaging security breach while maintaining the end user's mobility and productivity. It's your choice.
About the author: Jack E. Gold is a recognized expert in mobile computing and is founder and principal analyst at technology research firm J. Gold Associates. He can be contacted at jack.gold@jgoldassociates.com.
This was first published in November 2006