With the upcoming launch of Windows Phone 7 we all have more than enough choices in selecting a phone. But in business you cannot choose the phone to give your employees based on what apps it runs or what you can do with it. The decision has to be about what can you control. I believe that there is a storm on the horizon in regards to smartphone security. The trend is to push more of your company information to the end points, including the phones. Yet these devices are largely unprotected. Malware has already been found to be able to scrape information from the iPhone. Malware on phones can turn on microphones, speakers, record conversations and copy data and we are still in its infancy.
If you allow any phone into your organization you open yourself up to tremendous amounts of risk. Without you having full control over the device, i.e. what is installed and used on it, you do not have control of your digital assets.
Client records, patient information, account numbers can be scraped right off of unprotected phones and that is just from the digital side. What if the phone was stolen and the thief had physical access to the data, what control do you have over destroying that device and rendering it unusable?
In my organization we have daily emails bouncing around internally regarding clients, prospects, costs, etc. that I do not want disclosed on the outside. We have taken the steps to protect our devices because we care about our client’s privacy, but based on what I have found lying at the gym a number of people do not.
At the end of the day you have to choose between feeding your farm or losing millions.