How secure are your mobile devices?
Information Week has published an interesting report, 2012 State of Mobility Security. Their study showed that 90% thought mobile devices were a threat to their network. The top concern by far was loss or infection of a device (see page 9 for other risks).
The report sounds an alarm, concluding that while 86% either permit (62%) the use of personal devices or are moving that way, most (69%) have issues with their mobile security policies and practices. For example:
- 80% only require passwords
- Just 14% require hardware encryption
- Only 40% both limit the range of devices user can have and require that they be connected to a mobile device management system (such as Sybase’s Afaria)
- 42% will allow any device, asking only that employees agree to company policies
- Only 20% has systems to detect malware on all their mobile devices
- Just 29% have an internal ‘app store’
- 24% companies are still using WEP technology, shown to be weak by the TJ Maxx disaster, where the company paid $50m to settle with those affected by the compromise of some 45 million debit and credit card numbers.
The report should be required reading for all those responsible for IT security. It includes discussions of the technical issues together with a number of essential recommendations.
You may also want to see my review of an earlier, in-depth study by the Ponemon Institute. That identified some additional issues that require attention.
I welcome your views.
PS – if you are interested in SOX compliance, please check out my book on optimizing your program.
Recent Posts on this Blog
- Risk and Culture December 9, 2016
- New guidance on operational risk December 3, 2016
- Why do so many practitioners misunderstand risk? November 26, 2016
- A new front opens in the SOX battle November 20, 2016
- Internal audit reports do the function a great disservice November 12, 2016
- My new book on Auditing that Matters is available November 9, 2016
- Time for a leap change in risk management guidance November 5, 2016
- Cyber security and the board October 29, 2016
- The biggest obstacle to effective risk management October 28, 2016
- A revolution in risk management October 22, 2016
- Why do people commit fraud? October 14, 2016
- What could go wrong with strategy and its execution? October 6, 2016
- Is a new maturity model for GRC the right model? September 25, 2016
- The Wells Fargo “Staff Scam”: More questions and fewer answers September 16, 2016
- The astonishing Wells Fargo fraud September 10, 2016
- How Much Cyberrisk Should We Take? December 9, 2016
- Do We Know How to Audit Technology-related Risks? December 5, 2016
- The State of Information or Cybersecurity November 28, 2016
- Back to the Future for Internal Audit November 21, 2016
- How Do You Change the Culture of the Organization? November 15, 2016
- Why Does ERM Fail So Often? November 7, 2016
- Incentives and Ethics: Transparency International Speaks Out October 31, 2016
- A COSO Gem Helps Assess Risks and Related Control Deficiencies October 25, 2016
- Focusing on the Wrong Line of Defense October 17, 2016
- Internal Audit and the Internet of Things October 10, 2016