It is that time of year when people make New Year's resolutions, many of which will concern the avoidance of certain alcoholic beverages. My own resolutions are not in tatters yet, but this is really only because I didn't make any. Looking at security for 2005, however, it seems IT managers should have made a couple, and should also ensure they stick with them.

The first resolution should be: "I will install antivirus gateway tools immediately - not tomorrow or next week, but now." When I talked to Sophos security consultant Graham Cluley just before the festive drinking session got underway, he mentioned that if firms had installed such security products last January, they would have stopped nine out of the top 10 viruses that hit the headlines - and corporate networks - in 2004.

With statistics like that, I think it would be quite easy for IT teams to present a convincing case to the board of directors to purchase gateway antivirus tools.

The second resolution should be to implement a company-wide policy on the use of mobile devices, or, to be more exact, to put some controls on the use of these devices and what sort of data employees should and should not have stored on them. To go by the trends of 2004, mobiles will be high on the list of targets for attacks this year.

There is still some debate about how much mobile technology will really help to boost firms' productivity, but concerns about security are another barrier to the decision to deploy mobile devices. The mobile phone companies have a good record on security and until now the main problems for administrators have been caused by handsets being stolen or left on trains.

But last year saw the first virus specifically targeting smartphones. Although Cabir was only a proofof-concept virus, it was a step towards an attack that might conceivably bring down a mobile network, or allow hackers to access valuable information.

Security experts pointed out that to be infected with Cabir, users would have had to download and install it themselves. And the executable in question was not certified. But just look at the number of users who immediately open email attachments despite the warnings about viruses and Trojans. Firms clearly need some way to save users from their own stupidity.

Another reason why virus writers may target mobile devices this year is that for the first time some phones will have a miniature hard disk for data storage. Seagate, Hitachi and Toshiba provide inch-sized disks that can hold gigabytes of data, whether in the form of video clips or corporate documents.

However, one thing hindering virus writers is that they need a target to aim for, and there just is not the same all-pervasive platform in the mobile world as there is on corporate desktops and servers. Maybe Java-enabled phones will prove to be the weak spot.

One thing experts do agree on is that virus writers now realise that there is money in crime. Attacks were once designed for bragging rights in online forums, but cash is the new motivation.