Mobile devices are another security problem

Last week I stated that Employees cause most corporate data loss, with a specific nod to the problem of physical access to machines.

Another problem that has occurred to me recently is the issue of mobile devices. Although a lot of laptops go missing (10,000 according to a survey by the TSA), I suspect a significantly higher proportion of mobile phones and PDAs go missing. At a recent conference, three iPhones went missing within the first few days.

My iPod Touch and my phone both provide access to my corporate and personal email accounts, which would be interesting in themselves to many I'm sure. But the danger with providing access to your email account is that password reminders are often sent to your email address. Once you have access to my email, you could get access to my Amazon account, order tons of stuff using my cards and leave me out of pocket and with no redress to my card company for basically giving someone else access to my account.

That is, in some respects, why I like multiple email accounts. Get my iPod Touch and you'll get into my business accounts, but I deliberately dont put the email accounts I use for financial or online purchasing.

But back to the original point, people use their phones to access their corporate account, and even their corporate network, and sometimes make se of the ability to automatically keep the password information for them. Find or steal an iPhone, Blackberry or just a standard mobile phone and you end up with access to a lot more than their phone bill and address book.