My friend uses Microsoft Phone 8.1 mobile for a tax accountancy firm. As it hasn't received security updates for five years I believe that is a significant information security risk. However, the principal of the firm does not believe it to be a significant risk.
Only MMS, SMS and phone calls are made on the phone. MMS is sometimes used to send tax documents to the firm via pictures. No browsing of websites is done and it isn't even connected to the corporate network.
Can you help me explain to a CPA accountant principal in Australia why it's a business risk? Do you have links to Australian government websites or professional association websites?