It wasn't too long ago Apple was a mere blip in a Windows-dominated world. At least its modest market share meant they flew under the radar among most cybercriminals.

But now that Macs are hot again we're hearing more about malware attacks. And with Apple's monstrously successful iPhone and iPad product lines there's a growing concern these iOS devices could also be an obvious target by tech-savvy thieves -- and pose a threat to the entire corporate network.

Before allowing these devices into the organization, IT must educate employees to the risks, use tools to safeguard company data and develop policies that can reduce the odds of a security breach.

Or do you ban consumer devices altogether?

"Your company should not develop policies that excludes iOS devices," says Kevin Sterneckert, Research VP at the Stamford, Conn.-based Gartner research and consulting group. "Your employees are going to use these devices with or without permission – and with the latter, it could expose your network to major security breaches." "In other words, don't adopt a stick-your-head-in-the-sand strategy."

In fact, allowing users to choose the device they want has its benefits. "It could be less expensive for the company if they're not paying for device," adds Sterneckert, "so we're seeing more of a 'you bring the device and we'll provide the service' kind of scenario in the workplace today."

Sterneckert says there are different approaches to protecting mobile devices on the network, but there are three minimum "behaviors" every company should adopt:

• A four-digit PIN (passcode) on the iPhone and iPad, plus an "auto-wipe" option that deletes data after a few incorrect login attempts.

• Encrypted back-up on the local workstation the iOS device is connected to. "This will protect and secure all data on the device," says Sterneckert.

• Ensure the "Find My iPhone" service (free) is enabled, so a lost or stolen device can be located remotely and/or wiped clean.

Microsoft Exchange ActiveSync is also recommended for email. "The challenge is to make sure you put the right guardrails around environments, like email and web use, that include the right permissions, certificates and keys," says Sterneckert. "Apple has done a great job at that."

IT departments should also create policies based on the company's needs and/or industry's regulations. Make sure people understand their importance and why they're in place. For example, it's possible to limit the downloading of applications ("apps") from iTunes, disable the iPhone or iPad's cameras or curb corporate Wi-Fi use for personal reasons.

SMBs not doing enough?

It is incumbent upon businesses to develop these policies, but it's not yet highly prevalent in the small-to-midsized business space, says Tim Bajarin, president of Creative Strategies, a Campbell, Calif.-based firm that provides industry analysis for the tech sector.

"Less than half of small businesses have formal IT policies in place," estimates Bajarin. "Even when they do, they struggle to enforce them given the mix of corporate and employee-owned devices across multiple platforms and device categories -- although there's policy management features available through mobile email servers."

At a minimum, companies should create policy rules and give them to employees, advises Bajarin. "Offer periodic reminders as well as education on security risk." "These policies should also encompass use of employee-owned devices to access company data -- things like mandatory password use, reporting lost/stolen devices or data and avoidance of removable storage are the bare bones minimum."

Mobile device management (MDM) software can help enforce these, as well as more advanced policies.

As smartphone and tablet adoption continues to increase, there is more of an "addressable market" for phishing and hacking of each platform, cautions Bajarin.