Asian firms not securing mobile devices well

Businesses in Asia are still not paying enough attention to securing corporate mobile devices, according to findings of a recent Symantec survey.

Conducted between November 2007 and February 2008, the Web-based survey found that nearly half of the 560 respondents use mobile devices to access corporate e-mail accounts, but fewer than one-third of the enterprises had mobile security policies in place.

In addition, 27 percent indicated they did not have mobile antivirus software.

Conducted on businesses in India, Indonesia, Malaysia, the Philippines, Singapore and Thailand, the survey featured questions on e-mail security, backup and archival. A rating of the "health" of the respondent's corporate e-mail systems would be generated at the end of each completed questionnaire.

Don Ng, Symantec's director of enterprise security for the Asia-Pacific, told ZDNet Asia Friday that in terms of absolute numbers, mobile viruses are not as prevalent as Windows-based PCs.

However, the threat is "more significant" as mobile devices, and in particular smartphones, increasingly contain more personal data. For example, Ng said other than access to his corporate e-mail, his smartphone also contains passwords and banking credentials.

The value of a mobile device has gone beyond just a communication tool; it's a lifestyle companion with all our information on it," he noted.

Businesses need to treat mobile devices as PCs and implement the same protective measures, said Singapore-based Ng. "Whatever that [businesses] have accomplished in order to protect personal computers, workstations and servers within the corporate environment, [they] will need a similar infrastructure for mobile devices," he added.

Symantec highlighted three key ways to secure corporate mobile devices such as smartphones:

1. Put in place adequate protection measures
Ensure that there are multiple layers of security such as a firewall or antivirus software, and that they are able to run on different mobile platforms.

2. Encrypt data
Companies need to implement encryption technology to protect their mobile devices, especially if the users are entrusted with confidential information. This is to prevent important or sensitive data from being stolen.

3. Administer network access control
Identify access levels and classify users accordingly on a rigid basis to minimize the impact of data leakage.