As companies add new mobile devices to their networks, security is further compromised. Not only does it become more difficult to monitor who's connecting to your systems, but as viruses and worms continue to plague companies, mobile devices are a growing part of the problem. The first mobile threats appeared this year, including the Brador-A Trojan, which affected Pocket PCs; the Duts virus, which infects executable files on wireless PDAs; and the Cabir worm, which uses Bluetooth's always-on connectivity to copy itself to other devices. Though it's unclear exactly what, if any, effect the malware had on corporate systems, analysts say these examples foreshadow problems to come.
Meanwhile, Bluetooth may be a greater threat to security than companies realize. "Bluetooth is reaching out constantly for other devices, and will connect with any Bluetooth device even in a public location," says Schatt. "That can compromise information that's on the phone, such as corporate phone numbers and even proprietary information. It can be a major loss for companies." Schatt adds that even when inside a company's corporate firewall, Bluetooth or wireless LANs, if still enabled, could create massive security risks. "Let's say you have an employee with a wireless LAN card. They come in and attach to the network through an Ethernet cable. Unless it's configured carefully, it's possible that the wireless card is still broadcasting at the same time as they are connected to the wireline. So they bypass the firewall entirely, creating external threats." While no companies have owned up to a security breach of this kind, security experts warn that unmanaged Bluetooth deployment invites "bluesnarfing," which gives hackers access to poorly secured mobile phones. And simply making your Bluetooth device undiscoverable won't stop a determined hacker: a program called Redfang can sniff out open but hidden Bluetooth devices.
As part of your security strategy, determine which internal systems can be accessed from outside the corporate firewall. This should depend on two things: Who is accessing the information, and how secure is their connection. Companies such as Caymas Systems Inc. have developed wireless identity management systems that verify employees' status before allowing them access to sensitive data.