Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Analyze The Threat From Mobile Devices Article, Processor

975 views

Published on

Article: Analyze The Threat From Mobile Devices
Protect Devices With Security Policies, Plans For Information Recovery from Processor.com featuring Philip Farina, CPP

  • Be the first to comment

  • Be the first to like this

Analyze The Threat From Mobile Devices Article, Processor

  1. 1. Tech & Trends Click To Print General Information September 24, 2010 • Vol.32 Issue 20 Page(s) 41 in print issue Analyze The Threat From Mobile Devices Protect Devices With Security Policies, Plans For Information Recovery Among the greatest workplace changes taking place Key Points within the past decade or so is the amount of enterprise information leaving the office along with employee • With increased use of mobile devices comes the laptops and smartphones. Even one decade ago, need for a mobile device employees seldom worked from home or while on the security policy. road, and they certainly didn’t tote small computers everywhere, says Stephen Midgley, vice president of • Thieves now realize the global marketing at software security maker Absolute importance of information stored on mobile devices Software. With the explosive growth of enterprise- and are specifically targeting issued mobile devices comes the threat of theft and the them. access by outsiders to the information on them, he says. • Software installed at the To add another wrinkle, attackers now understand the enterprise level is capable of tracking lost devices and of value of the enterprise information stored on mobile wiping them clean of devices and are specifically targeting them, be-cause sensitive enterprise they’re so widely used, says Hugh Thompson, program information. committee chair for the RSA Conference, an annual IT security conference. Because the enterprise information value can far outweigh the value of the device itself, experts recommend IT managers have a plan for mobile device use by employees and for information recovery in the event of theft. “When organizations are allowing users to connect their devices to the network and download confidential business data--whether that’s internal information or customer data--you need a security policy that states how the devices should be encrypted,” says Matt Bossom, the program manager for technology solutions at IT security company ”Accuvant (www.accuvant.com). Policy In Place
  2. 2. The enterprise will need to budget for mobile device security, Midgley of Absolute Software (www.absolute.com) says, because the IT department will need authentication tools and likely special software to track a device and wipe its hardware in the event of loss. Bossom recommends IT managers take authentication steps beyond the authentication available with the device out-of-the-box. Many mobile device platforms for use at the enterprise level include stronger authentication than the authentication installed within the device itself, he adds. “The same authentication policy can be used for all different types of devices and can be pushed out across the network,” Bossom says. “This is the same way Windows Server pushes out updates using group policy.” This type of authentication means employees will have to enter a password every time they access the device. IT managers must ensure passwords aren’t easy for thieves to guess (“no one, two, three, four” says Bossom) and that employees haven’t taped the passwords to the device itself or placed it somewhere within their laptop bag, says Philip Farina chief executive officer of Farina and Associates, Ltd. (www.farina- associates.com), a security and risk consultancy for the hospitality industry. Sure it’s a hassle for employees to enter a password each time they check their phones for new emails, but doing so reminds them they’re using a workplace-issued device that includes confidential information, he adds. Of course an enterprise mobile device security policy will need to set out rules for use that may seem almost common sense, but having them in writing helps, Farina adds. He recommends IT managers warn employees against leaving their device in sight on a restaurant table or bar--employees should carry it in their purse, pocket, or a carrying case they have beside them at all times. When staying in a hotel room, lock the device in the safe or lockbox when not in use. To that end, ask employees to call ahead to ensure their hotel room will be equipped with a lockbox and that they select only hotels that include the feature, he says. They should also ask employees to keep the devices to themselves, the RSA Conference’s Thompson adds. “You have to take into account [the] social and free nature with which people pass these things around,” he says. “If it’s a work laptop, they might not let someone use it for a second to look something up, but with a smartphone, they’d be more inclined to hand it over to let someone call up a map or something.” In Case Of Theft An enterprise’s mobile-device security policy should also outline the steps employees must take should their device go missing. “Usually that means contacting a response center or the IT department or someone else in corporate so the phone can get shut down ASAP,” Farina says.
  3. 3. The policy will also likely call for the IT department to install device protection on laptops and run software capable of remotely wiping information from stolen laptops, Absolute Software’s Midgley says. The tracking software relies on technology embedded within the chips produced by most major chip vendors, he adds. When a laptop is lost or stolen, the software syncs with the device’s chip--which includes GPS capabilities--when the device is connected to the Internet. This allows law enforcement to track and seize the device. The tracking software can also wipe the device remotely to remove all confidential business information, Midgley says. Such tracking capabilities are also available for smartphones, he adds. Policies needn’t be overly restrictive, Farina says. Mostly, they just outline good, common-sense rules for device use--coupled with specific hardware and software IT departments should use to safeguard sensitive enterprise information. by Jean Thilmany Overseas Travel Here’s one unexpected tip for overseas travelers. Leave your enterprise- issued mobile device at home. Or bring a second laptop or smartphone that contains minimal enterprise information, says Philip Farina, chief executive officer of Farina and Associates, Ltd. (www.farina- associates.com), a security and risk consultancy for the hospitality industry. The risk of theft is just too high overseas, especially in some countries where thieves specifically target Western business travelers. Copyright © 2010 Sandhills Publishing Company U.S.A. All rights reserved.  

×