As smart phones continue to grow in popularity, they are playing an ever-increasing role in the workplace. In some cases, employees are using personal devices for work purposes. In other cases, organizations are issuing devices to staff. And while they do not create the same threat as laptops with respect to malware, they still merit consideration.
Many organizations are, however, neglecting to pay adequate attention to the security risks such devices can pose, said John Girard, a Gartner Research vice president, speaking at a recent Gartner conference in Washington, D.C. Just a small percentage of organizations have adequate policies and technical controls to secure the devices, said Girard.
By implementing a few security measures, such as adding encryption and authentication, organizations could gain significant security benefits, he said. Phones should also be set to “time out” after 15 to 20 minutes, advised Girard. Many employees set the devices to time out after far longer periods, for convenience.
Another problem is that policies regarding smart phones tend not to be strongly enforced, noted Girard. Many organizations, for example, will tell employees that if they are going to use devices for both personal and work reasons, they should be careful not to download untrusted software. But such “honor codes” rarely work, he said.
(To finish reading "Get Smart About Protecting Phones" from the October issue, click here.)