"...the help desk had been asked to install client software that would allow e-mail to synchronize with upper management’s new smart phones." ~ written by a real security manager, “C.J. Kelly,” whose name and employer have been disguised for obvious reasons.
Why she freaked, and why you should, too...
- Company had no written security policy about smart phones.
- Smart phones require client-side software hooked into Outlook.
- Syncing requires user’s PC to be left running with Outlook open.
- E-mail transfers aren’t encrypted.
- The phones aren’t password-protected.
- Phones not managable remotely. Data can't be wiped if lost or stolen.
- E-mails are cached on the ISP's servers for up to seven days.
- Smart-phone owners [others] can access their e-mail via the Web.
She researched some good compromise solutions. The real solution, however, is a smarter 'smart phone'. Until then, seriously consider more secure communications alternatives. ~ Kevin (more)