When it comes to cybersecurity, most executives think about the security of their network. Some more tech-savvy leaders may consider the human element behind phishing attacks, but few are aware of what most experts consider the biggest risks in corporate data security: employees’ mobile phones. These devices are the weakest links in data security, and IT departments are wrestling with managing the proliferation of devices in the workplace. And while organizations grapple with how to handle "bring your own device" policies, the potential for mobile attacks continues to grow. In July, comScore reported that half of all digital time was spent on smartphones, and 68 percent was spent on some type of mobile device. If an organization isn’t already considering mobile security, it should be. However, securing mobile devices in the workplace is difficult. Android is a fragmented mobile operating system, and security researchers expect more attacks on Apple’s iOS in the near future. Nevertheless, one of the simplest steps organizations can take is to put a mobile security policy in place regarding appropriate use of these devices, and what should be done if a device is lost or stolen. Most mobile devices are breached due to human error, not because of security flaws in the devices themselves.