The cost of those security breaches is high and rising. The Ponemon Institute found that in 2006, data breaches cost an average of $182 per record, up a full 31 percent from 2005. A separate Symantec survey found that the average corporate laptop contains $972,000 worth of data.

But losing sensitive data contained on mobile devices isn’t the only potential risk. Failing to secure wireless gadgets may place some companies in violation of regulatory requirements like GLBA, SOX, or HIPAA. This lack of compliance puts them at risk for fines or other government actions.

“The fact that security legislation does not specifically mention mobile devices should not be considered evidence that mobile devices are somehow exempt from the law;” a PointSec Mobile Technologies white paper urges. “Instead, it should be emphasized that from the legal standpoint, securing mobile devices is just as critical as securing a supercomputer.” Even if a smartphone or PDA doesn’t hold any sensitive data, it may be used as a key giving criminals access to the entire corporate network. In fact, improperly secured Bluetooth devices may compromise the corporate network just by being used in a public place.

The threat from viruses, spam, and other malware specifically targeting mobile devices is also growing. According to McAfee AVERT Labs, during just one year, the threat to mobile devices grew 10 times as fast as the threat to traditional PCs.

Who Needs a Policy?
Given the size of the problem, you might expect every company in America to have a formal mobile security policy—but that isn’t the case.

“I’m constantly surprised by how many IT executives have not considered mobile security in their overall security plan,” says Bob Egner, marketing VP for PointSec.

In fact, in a study by the Business Performance Management Forum, 40 percent of companies surveyed had no formal mobile security policy, despite the fact that 80 percent of companies planned to increase their use of mobile devices in the coming year. The problem was particularly significant for smaller enterprises: nearly 68 percent of those with revenues less than $100 million did not have a formal policy.

However, those numbers may be changing soon. A recent Forrester report found that all but 16 percent of companies surveyed planned to consider mobile and wireless strategy and policies in the coming year.

Story Courtesy of eSecurity Planet