I’ll assume that you are using mobile applications in your business.
If I am correct, I’d like you to check out the Mobile Antivirus Researchers Association’s list of the ten most critical wireless and mobile security vulnerabilities.
Let us select several of these vulnerabilities and look at what you can do about each.
Default WiFi Routers– Never deploy a router that is set to a static IP address. If this is the case, “sniffing” programs may go undetected.
Rogue Access Points– Don’t fall into the trap of installing a network Access Point without notifying your network administrator first. If you fail to do this, your Access Point will likely be unprotected.
Wireless Zero Configuration– Turn off your Access Point’s default configuration, which displays your SSID as plain text. You can do this by disabling this function in the Services list within Windows XP.
Clear Text Encryption Passwords– Be aware that some third-party “encryption” password storage utilities actually display passwords and other personally identifiable access info as plain text. If your mobile device is stolen, then watch out.
Autorun– This can affect handsets that run on the Windows Mobile OS. The problem here is that when you insert a media card into the Windows Mobile OS PDA, Windows Mobile will copy over the autorun.exe (if it exists), create a copy in the /Windows directory, and execute it. “WM5 does question the user if the application can be launched, but previous version of WM and Pocket PC do not,” the Mobile AntiVirus Researchers Association notes on their website. “The file remains on the PDA until the media card is removed.” To forestall this from happening, Mobile AV suggests that you create a read-only dummy executable called autorun.exe and insert it in the /Windows folder.
The final tip is so obvious it falls into “well, duh,” territory. But despite its “well, duh” status, it is arguably the most important:
Lost and Stolen Devices– Mobile AV suggests that you should encrypt all mobile databases (including patient medical records, financial institution customer lists, etc.). “Layered security such as encrypted file systems, etc. are also important,” the group advises. “Remote data wipe is controversial, as it has the potential of being exploited by mass-deleting network worms.”
Additionally, Mobile AV suggests user education, a written and specific security policy, a login copyright banner, and, of course, “return this device” contact info. And maybe a reward policy as well.