How can organizations better secure the mobile phones their employees use?
Even though you can make the argument that there is a new threat and there’s a high-threat scenario for the organization, you’re not going to stop it. A lot of organizations don’t issue phones on their own behalf. They tell individuals to purchase their own phones and expense it back. Now the organization gets into a quandary: how can I mandate something I don’t have control over? So there becomes this question of threat versus cost … they don’t want to have to manage this and [by not owning the phone], they also lose a lot of legal liability over the use of the phone as well. The downside is the organization needs to decide what usage policy it will set over phones … because the organization can legally only enforce policies for things they own. Can companies write security policies to cover devices they don’t own? We do this a lot for laptops and home computers … It [basically] says, know that intellectual property is still important. For example, at Unisys we have a policy that allo
