Corporate Mobile Phone Security Considerations
Some excellent analyses of security exposures, together with corporate recommendations, are presented in the detailed PDF documents and articles linked below.
NIST - Guidelines on Cell Phone and PDA Security
http://www.gtiscsecuritysummit.com/pdf/CyberThreatsReport2009.pdf
http://www.networkworld.com/newsletters/sec/2009/022309sec1.html
http://www.pcworld.com/article/152330/botnet_spam_attacks_to_target_cellphones_report_warns.html
QUOTE: The cell phone is becoming an entirely new tool— especially outside the U.S., where accessing the Internet from a mobile device can provide a better experience than traditional fixed computing. VoIP technology also continues to improve and will rival landline and mobile communications in terms of reliability and call quality. As Internet telephony and mobile computing handle more and more data, they will become more frequent targets of cyber crime.
NIST Guidelines on Cell Phone and PDA Security (51 pages)
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf
SECURITY RISKS: The Executive Summary presents a succinct overview including a list of vulnerabilities leading to risks for corporate security from cell phones and PDAs:
• The devices are easily lost or stolen and few have effective access controls or encryption;
• They’re susceptible to infection by malware;
• They can receive spam;
• Wireless communications can be intercepted, remote activation of microphones can eavesdrop on meetings, and spyware can channel confidential information out of the organization;
• Location-tracking systems allow a user's whereabouts and movements to be inferred;
• E-mail kept on servers as a convenience for cell-phone/PDA users may be exposed through vulnerabilities in those servers.
RECOMMENDATIONS: The key recommendations, which are discussed at length in this 51-page document, include the following (quoting from the list on pages ES-2 through ES-4):
1. Organizations should plan and address the security aspects of organization-issued cell phones and PDAs.
2. Organizations should employ appropriate security management practices and controls over handheld devices.
3. Organizations should ensure that handheld devices are deployed, configured, and managed to meet the organizations’ security requirements and objectives.
4. Organizations should ensure an ongoing process of maintaining the security of handheld devices throughout their lifecycle.