Today's business-class smartphones have the same memory, processing power, and application capabilities that laptop PCs had in the early part of this decade. For CIOs and IT managers, that's both good news and bad. On the plus side, it gives them the option of equipping mobile employees with $400 smartphones rather than $2,000 laptops. But on the downside, those advanced capabilities have made smartphones an increasingly attractive target for virus writers and hackers.

That's one key finding in the April issue of Unstrung Enterprise Insider, Mobile Malware: The Enterprise at Risk, which looks at the key issues that CIOs and IT managers should consider when developing and executing a wireless security strategy. Although most mobile malware thus far has been of the nuisance variety, it's a mistake to downplay a threat that is already affecting the bottom line.

For example, suppose an employee is traveling and her phone becomes infected. Because she's away from the office, she can't simply walk the phone to the IT department for repair. Instead, she must waste productivity calling the help desk and following their instructions for repairing the phone. If her salary is $60,000, and she spends three hours tinkering with the infected phone, the malware's cost is a minimum of $86.55.

There's also the cost to staff up the help desk to deal with mobile malware. If a technician makes $40,000, then the three hours working with the employee costs $57.69. If their phone conversation is enough to repair the phone, then the total cost is $144.24. If it's not, one must add in costs such as overnighting a replacement handset and keeping a stockpile of spare smartphones for these types of emergencies.

With mobile malware solutions starting at around $1 per month per device, the business case for these products looks like money well spent.

Some mobile malware runs up an additional tab by dialing for dollars. For nearly two years, malware writers have been creating Trojans such as Mosquito, which forces the phone to send text messages – without the user's knowledge – to premium services that are charged to the phone's account. Unless employees and managers scrutinize wireless bills, such charges can easily slip through.

The financial impact is likely to get even bigger as mobile malware matures and has to be eradicated from more than just phones. Two recent examples are Cardtrap and Crossover, which appeared in September 2005 and February 2006, respectively. They're the first viruses that can infect a handset – specifically, those running the Symbian operating system, which is the most heavily targeted overall – and then spread to a Windows PC during the syncing process, or vice-versa.

As Cardtrap's creator noted: "This virus closes the gap between handhelds and desktops. Now it's one big world, open to all."

— Tim Kridel, Contributing Analyst, Unstrung Enterprise Insider

This report, Mobile Malware: The Enterprise at Risk, is available as part of an annual subscription (6 bimonthly issues) to Unstrung Enterprise Insider, priced at $1,295. Individual reports are available for $900. For more information, or to subscribe, please visit: www.unstrung.com/enterprise.