It appears that businesses finally understand the security risks that mobile devices present, since now almost everyone is instituting mobile security policies. That's the good news.
The bad news is that the majority of employees don't know those policies exist. That's the finding of a new study by McAfee and Carnegie Mellon University. The McAfee Mobility and Security Survey interviewed 1500 companies. Other findings include:
The survey also pointed out a prime reason why it is so important that employers educate and enforce their mobile security policies:
Not only are people reliant on their mobile devices, they are downloading a lot of apps and the line between professional and personal use continues to blur. And McAfee's own 2011 threat prediction stated, according to the survey:
Attacks against mobile devices - including iPhones, Android devices, and more - will escalate in 2011 as criminals seek to tap into fragile cellular infrastructure' to access often unencrypted business and corporate communications. As mobile devices are increasingly commonplace in corporate and enterprise environments, there are more ways for trade secrets and other critical information to escape into the wild - and McAfee believes cybercriminals will increasingly be looking for it.
So what might help improve mobile security for these business devices? Perhaps location software, but if the data is already stolen, locating the device isn't your biggest problem anymore. The survey suggested several ideas, which just so happen to fall into my regular talking points: Educate your employees of security policy, secure the device with the technologies available and be aware of the threats that are out there.