Do you own a keychain USB jump-drive, a PDA, or an
all-in-one mobile communications device? If you do, what
type of information do you store on it? Many people would
say there is nothing important stored on their mobile
device. Many of our customers initially state there is
nothing on the computer network that hackers would want or a
virus could irreparably damage.
I want to start out this article with a couple real-life
stories about why it is so important to make sure your
mobile devices are secure.
Panic Over Lost Jump-Drive
About a year ago, a business acquaintance contacted me in a
panic. Apparently, he was onsite performing an internal
security audit for a rather large company, and had lost or
misplaced his keychain USB Jump-Drive. At first, I was not
sure of why he was in such a panic. That is, until he told
me the drive contained approximately 300Mb of security
information minded from a previous security audit he
performed. He was scared out of his wits that this
information would fall into the wrong hands, not to mention
the hands of his new client. What would his new client think
if they found he was walking around with this information on
a device that anyone4 could gain access too. Would he do the
same thing with their information? Lucky, after retracing
his steps in the building, he found on the floor of the
men's room. He apparently pulled out his keys and the
jump-drive came off the keychain. He no longer carries his
jump-drive around with him.
Confidential Client Information Lost In Snow Storm
On another occasion, someone quite close to me, dropped his
Toshiba PDA somewhere between his car and food store. Not to
big of a deal, except for the fact that there was about one
foot of snow on the ground. He spent the next three hours
drudging through the snow looking for the PDA. Besides the
fact that it was not an inexpensive PDA, it contained his
entire client list, personal online accounts with user-id's
and passwords, and several other categories of highly
confidential information.
In both the cases above, neither of these people had given
much thought to the loss of these devices. Why should they?
They were both experienced professionals in the information
technology business and very careful and conscious about
keeping information secure. The problem is, their both
human. And humans make mistakes an erroneous judgment
calls.
How To Secure Mobile Devices
Because there a so many types of mobile storage and
communications devices, there are many ways to secure them.
So, I will stick to what I do to secure the above mentioned
devices since I happen to use both types.
I use 1GB USB 2.0 Jump Drive to store and transfer many
types of information. Sometimes, this includes confidential
information. For instance, when I travel, I have a copy of
my account database on the device. However, the device
file-system itself is heavily encrypted, and the database
stored on the encrypted file-system, is encrypted. If I
happen to misplace this device, I am more than confident (at
least at this point time) that the data is protected and not
easily accessible. Now, nothing substitutes for not carrying
around this type of information to begin with, but it is
safer than carrying around a printout of the excel
spreadsheet you keep you passwords in.
As far mobile communications. I don't know what I would do
without my mobile phone. It has replaced my PDA, has
unlimited internet access, a VPN client so I can retrieve my
mail without having to use a separate service (more $), a
1GB storage card, camera and so on. The primary thing that
this device stores that is confidential, is my contact list.
There are other items I don't want just anyone to have
access too as well. Not to mention using my phone (more $).
So, the storage card is encrypted, and that is where my
important data is kept. The device itself is password
protected with and eight character key that meets or exceeds
standard complexity rules. And, the mail client itself
requires authentication in order to use it.
Conclusion
If you use mobile devices on a regular basis, I suggest you
sit down and think about exactly what you store on them. It
is sometimes easy to overlook these things or under estimate
exactly how private or confidential certain information is
or should be. Make sure you take reasonable steps to keep
the information stored on mobile devices secure and private.
It is definitely a balancing act between security and easy
of use.
And, what ever you do, don't leave your mobile device in the
men's room.
You may reprint or publish this article free of charge as long as
the bylines are included.
Original URL (The Web version of the article)
http://www.defendingthenet.com/newsletters/IsYourMobileDeviceSecure.htm
0 comments:
Post a Comment