As I contemplate purchasing a netbook (the HP Mini 2140 looks awesome), I saw a Computerworld.com article named “Laptop Losers Hall of Shame” (http://www.computerworld.com.au/article/222142/laptop_losers_hall_shame) detailing the enormous security breaches that ensued when notebook computers were lost or stolen by employees of corporations, government agencies, or colleges. The hall of shame is both hilarious and frightening.
Smartphones are becoming the new laptops. ABI Research expects annual worldwide shipments of smartphones to exceed 334 million units by 2010, up from just more than 42 million units in 2005. With so many millions of devices carrying sensitive company data, it’s not hard to imagine what keeps security analysts up at night.
Mobile phones have evolved to a point where they equal the functionality of older notebook computers. I know that I can do pretty much every daily task I need to from my smartphone, including RDPing or SSHing into servers. Like me, and probably like you, many people use these smartphones to house critical information, such as notes, emails, and business contacts. If notebooks became such a huge security risk because they are portable, then smartphones are much worse. These mobile devices are brimming with unsecured information, and we carry them with us at all times. For most of us, losing a mobile phone isn’t a possibility, it’s an inevitability. I have lost 2 phones, with one being stolen in Vegas and the other being sucked into the ether somewhere.
Other than having more portability and ubiquity than notebooks, smartphones are also harder to control and manage because they are purchased by individual users and do double duty for work and personal use. Notebooks can be issued and centrally managed by the enterprise, but the enterprise cannot do the same for the mobile phones of every employee.
How can IT security professionals create a sound infrastructure to compensate for remote workers who are likely to be the unwitting bearers of major security threats?
- Have an IT policy in place that will remotely wipe any phone that is lost or stolen.
- Don’t allow users to use phones that cannot be remotely wiped.
- Lock your phone with a password.
- Install encryption software to encrypt the data in the onboard memory and any SD cards used.
- Safeguard backups of your smartphone that you make on your PC.
As always, include the usage of mobile devices with company data in your security policy and create expectations for your company employees to follow.