Provides guidance on drafting, implementing, and maintaining mobile device security policies for organizations of all sizes. Topics include encryption mandates, password requirements, app whitelisting, lost device procedures, and regulatory compliance frameworks.
posts
A Single Phone Took Down an Entire Pipeline In 2021, a compromised password — likely harvested from a mobile device or reused across platforms — gave threat actors access to Colonial Pipeline's VPN. The result: fuel shortages across the Eastern United States, a $4.4 million ransom payment, and a
In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and a growing percentage of those started on a mobile device. I've reviewed mobile device security policies for organizations of every size, and here's the uncomfortable truth:
A Single Stolen Phone Cost This Company $4.9 Million In 2023, a healthcare organization reported to the HHS that a single unencrypted mobile device — left in a rideshare — led to the exposure of over 100,000 patient records. The resulting HIPAA settlement, remediation costs, and reputational damage ran into
In March 2023, Samsung employees accidentally leaked sensitive source code and internal meeting notes by pasting proprietary data into ChatGPT — on their mobile devices. No malware was involved. No sophisticated threat actor broke through a firewall. Employees simply used their phones in ways the company's mobile device security
In April 2021, the FBI's IC3 reported a sharp rise in mobile-focused phishing attacks — schemes specifically designed to exploit the smaller screens and always-on nature of smartphones. I've watched organizations pour millions into securing their perimeters while ignoring the devices employees actually use the most. The
A Single Lost Phone Cost This Company $3.3 Million In 2023, the healthcare provider Yakima Valley Memorial Hospital disclosed a data breach where a security guard used login credentials on a personal mobile device to access the records of over 400 patients. That incident triggered an OCR investigation, reputational
The $4.88 Million Risk Sitting in Your Employees' Pockets In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. What most executives don't realize is how often the attack chain starts with a compromised mobile
