How secure are your mobile devices?
Information Week has published an interesting report, 2012 State of Mobility Security. Their study showed that 90% thought mobile devices were a threat to their network. The top concern by far was loss or infection of a device (see page 9 for other risks).
The report sounds an alarm, concluding that while 86% either permit the use of personal devices (62%) or are moving that way, most (69%) have issues with their mobile security policies and practices. For example:
- 80% only require passwords
- Just 14% require hardware encryption
- Only 40% both limit the range of devices users can have and require that they be connected to a mobile device management system (such as Sybase’s Afaria)
- 42% will allow any device, asking only that employees agree to company policies
- Only 20% have systems to detect malware on all their mobile devices
- Just 29% have an internal ‘app store’
- 24% of companies are still using WEP technology, shown to be weak by the TJ Maxx disaster, where the company paid $50m to settle with those affected by the compromise of some 45 million debit and credit card numbers.
The report should be required reading for all those responsible for IT security. It includes discussions of the technical issues together with a number of essential recommendations.
You may also want to see my review of an earlier, in-depth study by the Ponemon Institute. That identified some additional issues that require attention.
I welcome your views.
PS – if you are interested in SOX compliance, please check out my book on optimizing your program.