Companies Should Secure Mobile Workforce, Analysts Say

It could be as simple as a smart phone dropping out of a CEOs pocket. From there, countless pieces of data fall from a pants pocket into the wrong hands.

With that in mind, companies need to secure network access and have the proper procedures in place to secure their mobile workforce, industry insiders said at the RSA Conference in early February.

Businesses should have a policy determining what data should be mobile and utilize encryption and other security measures–such as allowing data to be wiped remotely – on mobile devices, said Ron Pon, a senior security architect at Nortel. Pon and Kim Edwards, also from Nortel, offered their advice on best business practices to a room full of attendees at the conference.

Pon said companies should periodically check their policies to ensure they are up-to-date with the latest technologies. Strong authentication procedures are also vital, said Edwards, as is controlling just what is downloaded onto computers connected to the network. Company officials can block downloads all together or simply restrict them to certain applications deemed trustworthy, he said.

But equally as important are the behaviors of the employees themselves.

“Its very important that when you plug in a device you know where it is coming from,” said Edwards, also a senior security architect at Nortel.

/zimages/6/28571.gifClick hereto read more about Samsungs device management efforts.

Computers should be configured to not automatically install removable hardware, Edwards said, and people should avoid plugging in unknown USB keys. Still, companies need to strike a balance between their security needs and the need of offsite employees to access their business networks.

“You dont want to build Fort Knox,” Edwards said.

In a separate interview with eWEEK, Kara Hayes of Nokia predicted Feb. 6 that malware attacks against cellular phones will increase as more and more applications are added to the devices.

Network threats are more embedded than in the past, leaving companies in need of a way to detect threats at the application layer without harming the functionality of the network, she said.

“We have very security conscious customers,” said Hayes, who is product marketing manager of Enterprise Solutions Security and Mobile Connectivity.

Edwards and Pon listed a number of ways companies can control access, including the use of VPNs. The two also urged businesses to educate their employees to thwart social engineering attempts by cyber-criminals.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.