How secure are your mobile devices?
Information Week has published an interesting report, 2012 State of Mobility Security. Their study showed that 90% thought mobile devices were a threat to their network. The top concern by far was loss or infection of a device (see page 9 for other risks).
The report sounds an alarm, concluding that while 86% either permit the use of personal devices (62%) or are moving that way, most (69%) have issues with their mobile security policies and practices. For example:
- 80% only require passwords
- Just 14% require hardware encryption
- Only 40% both limit the range of devices users can have and require that they be connected to a mobile device management system (such as Sybase’s Afaria)
- 42% will allow any device, asking only that employees agree to company policies
- Only 20% have systems to detect malware on all their mobile devices
- Just 29% have an internal ‘app store’
- 24% of companies are still using WEP technology, shown to be weak by the TJ Maxx disaster, where the company paid $50m to settle with those affected by the compromise of some 45 million debit and credit card numbers.
The report should be required reading for all those responsible for IT security. It includes discussions of the technical issues together with a number of essential recommendations.
You may also want to see my review of an earlier, in-depth study by the Ponemon Institute. That identified some additional issues that require attention.
I welcome your views.
PS – if you are interested in SOX compliance, please check out my book on optimizing your program.