Advertisement
Promo

Security threats Toolkit

Data Breaches

Keep mobile data from going walkabout

Sally Whittle ZDNet.co.uk

Published: 13 Mar 2008 16:52 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

...which provides a secure "tunnel" for internet traffic. However, you should consider additional methods of authentication, such as strong passwords or keycards, if information is particularly sensitive, Howard recommended.

The third layer of mobile security is the mobile device itself. This is where the biggest security risks are, said Monica Basso, a vice president with Gartner Research. Think about what happens if an employee leaves their laptop in a cab or if a smartphone is stolen. Would the thief be able to access the information contained on the device? Are devices vulnerable to web-based attacks from malware or viruses?

"On the device side, the priority is to authenticate the user, protect locally stored data and secure the network connection," said Basso. "At the least, you should have passwords. You may also want to think about controlling features such as cameras or Bluetooth, and limiting application installation and data transfer."

"Encryption of data on mobile devices is the absolute bare minimum and I think you'd be considered negligent if you failed to use it," added Ovum's Titterington. "However, it's important to remember that encryption is only as good as the key management that goes along with it. If the key is stored on the same machine, then you really might as well not bother."

In addition to encryption, Titterington recommended setting policies to ensure that all mobile devices are password-protected and run up-to-date antivirus software. It is also important to be sure that mobile devices running software are included in your company's regular patch-management programme, so that security holes aren't left unpatched on laptops or mobile computers.

There are a range of remote "wipe" products that can also be used to wipe a mobile device's hard drive if it's lost, often within minutes. This renders the information completely inaccessible to anyone who has stolen a device.

Encryption of data on mobile devices is the absolute bare minimum and I think you'd be considered negligent if you failed to use it

Graham Titterington, Ovum

Gartner has also recommended that SMEs use full encryption of application data, file systems for internal memory and external cards, device lockdown, remote wiping and port control.

"You should also have a single manager with responsibility for device management and policies, who is responsible for things like remote software downloads, upgrades and policy enforcement," said Basso. "This means mobile devices will all be secure and compliant with security policies."

Having a single manager also makes it easier to ensure that your overall security policy provides complete coverage of the three distinct elements of mobile working: the device, the network and the transmission of data.

"That's important because the market for mobile security is very fragmented," said Basso. "There are more than 100 different products that all address different aspects of mobile security, from device encryption to mobile VPNs and user authentication."

Most companies will probably need to invest in a number of different products on either the server or client side to provide full security, Basso said.

Finally, bear in mind that technology can only get you so far when it comes to mobile security and even the best IT systems are usually no match for a determined user. "You can usually guarantee that a user will find a way to get around almost any policy you care to set," said Titterington, "particularly because you can't totally lock down any device. You're constantly looking to balance security with usability."

For this reason, it's vital for companies to invest in training and education for workers, alongside the technology used to secure mobile workers. "Telling someone they can't access online games is one thing, but explaining to someone the risks of malware from unknown websites and the responsibility they have for protecting their employer from these risks is [much] better," said Kellett.

Ultimately, however, it's a mistake to assume that mobile computing will ever be 100 percent secure, said Titterington. "I'm not sure many firms could protect mobile devices from a really determined attacker. The reality is that you're protecting yourself against the 80 percent of thefts that are opportunistic and that's about the best you can do. Things like encryption, passwords and PINs are big hurdles for those kinds of people, and definitely worth using."

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
5 out of 5 people found this useful


Full Talkback thread

0 comments

More in this Special Report

The top five internal security threats

The top five internal security threats

It's widely known that internal staff are the biggest threat to IT security, but what specifically should an employer watch out for? more

Keeping mobile data from going walkabout

Keeping mobile data from going walkabout

Mobile email is no longer the preserve of upper management but providing access to company information on the go has its risks more

Lib Dems call for data guardians

Lib Dems call for data guardians

The Liberal Democrats are seeking the introduction of data guardians into the public and private sector, to protect citizens' information rights more

Worker suspended over loss of prisoner data

Worker suspended over loss of prisoner data

An employee at Home Office contractor PA Consulting has been suspended after the loss of a memory stick holding the unencrypted details of every prisoner in England and Wales more

Ministry of Justice reports nine data breaches

Ministry of Justice reports nine data breaches

The ministry reported the data breaches, affecting around 45,000 people, to the Information Commissioner's Office in the last financial year more

Foreign Office reports five data breaches since 2007

Foreign Office reports five data breaches since 2007

The data breaches at the Foreign and Commonwealth Office are thought to have affected less than 188 people in total more

ICO: Gov't ignoring data-sharing hazards

ICO: Gov't ignoring data-sharing hazards

The government is blindly pursuing data-sharing plans without heeding the potential pitfalls, information commissioner Richard Thomas has claimed more

Lords presses government for data-breach law

Lords presses government for data-breach law

The House of Lords has again urged the government to introduce a data-breach notification law, adding that banks should be liable for e-fraud losses more

Video: Get the most out of your data

Video: Get the most out of your data

How do companies deal with information management? Jonathan Steel, CEO of tech-research firm The Bathwick Group, gives insights based on a recent ZDNet.co.uk benchmark survey more

Justice minister urges overhaul of gov't data handling

Justice minister urges overhaul of gov't data handling

Michael Wills has called for the government to handle data transactions as carefully as financial transactions more

MoD announces data-protection action plan

MoD announces data-protection action plan

The ministry has published a plan of how it intends to meet 51 data-policy recommendations made as part of review into the loss of MoD laptops more

Systemic failure blamed for HMRC data loss

Systemic failure blamed for HMRC data loss

Two reports have found the loss by HMRC of 25 million child-benefit claimant details was 'entirely avoidable' more

Company/Topic Alerts

Create a new alert from the list below:








Video icon

Video

Sentry Posts Blog

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment

South Korea plans to fingerprint visit...

The South Korean authorities could fingerprint and photograph foreign visitors from 2012, the Korea Times reported on Tuesday. Barring diplomats and government operatives, all visitors... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters