Analyze The Threat From Mobile Devices Article, Processor
3
Tech & Trends Click To Print General Information September 24, 2010 • Vol.32 Issue 20 Page(s) 41 in print issue Analyze The Threat From Mobile Devices Protect Devices With Security Policies, Plans For Information Recovery Among the greatest workplace changes taking place within the past decade or so is the amount of enterprise information leaving the office along with employee laptops and smartphones. Even one decade ago, employees seldom worked from home or while on the road, and they certainly didn’t tote small computers everywhere, says Stephen Midgley, vice president of global marketing at software security maker Absolute Software. With the explosive growth of enterprise- issued mobile devices comes the threat of theft and the access by outsiders to the information on them, he says. To add another wrinkle, attackers now understand the value of the enterprise information stored on mobile devices and are specifically targeting them, be-cause they’re so widely used, says Hugh Thompson, program committee chair for the RSA Conference, an annual IT security conference. Because the enterprise information value can far outweigh the value of the device itself, experts recommend IT managers have a plan for mobile device use by employees and for information recovery in the event of theft. “When organizations are allowing users to connect their devices to the network and download confidential business data--whether that’s internal information or customer data--you need a security policy that states how the devices should be encrypted,” says Matt Bossom, the program manager for technology solutions at IT security company ”Accuvant (www.accuvant.com ). Policy In Place Key Points • With increased use of mobile devices comes the need for a mobile device security policy. • Thieves now realize the importance of information stored on mobile devices and are specifically targeting them. • Software installed at the enterprise level is capable of tracking lost devices and of wiping them clean of sensitive enterprise information.
description
Article: Analyze The Threat From Mobile DevicesProtect Devices With Security Policies, Plans For Information Recovery from Processor.com featuring Philip Farina, CPP
Transcript of Analyze The Threat From Mobile Devices Article, Processor
Tech & Trends Click To Print
General Information
September 24, 2010 • Vol.32 Issue 20 Page(s) 41 in print issue
Analyze The Threat From Mobile Devices
Protect Devices With Security Policies, Plans For Information Recovery
Among the greatest workplace changes taking place within the past decade or so is the amount of enterprise information leaving the office along with employee laptops and smartphones. Even one decade ago, employees seldom worked from home or while on the road, and they certainly didn’t tote small computers everywhere, says Stephen Midgley, vice president of global marketing at software security maker Absolute Software. With the explosive growth of enterprise-issued mobile devices comes the threat of theft and the access by outsiders to the information on them, he says. To add another wrinkle, attackers now understand the value of the enterprise information stored on mobile devices and are specifically targeting them, be-cause they’re so widely used, says Hugh Thompson, program committee chair for the RSA Conference, an annual IT security conference.
Because the enterprise information value can far outweigh the value of the device itself, experts recommend IT managers have a plan for mobile device use by employees and for information recovery in the event of theft. “When organizations are allowing users to connect their devices to the network and download confidential business data--whether that’s internal information or customer data--you need a security policy that states how the devices should be encrypted,” says Matt Bossom, the program manager for technology solutions at IT security company ”Accuvant (www.accuvant.com).
Policy In Place
Key Points • With increased use of mobile devices comes the need for a mobile device security policy. • Thieves now realize the importance of information stored on mobile devices and are specifically targeting them. • Software installed at the enterprise level is capable of tracking lost devices and of wiping them clean of sensitive enterprise information.
The enterprise will need to budget for mobile device security, Midgley of Absolute Software (www.absolute.com) says, because the IT department will need authentication tools and likely special software to track a device and wipe its hardware in the event of loss. Bossom recommends IT managers take authentication steps beyond the authentication available with the device out-of-the-box. Many mobile device platforms for use at the enterprise level include stronger authentication than the authentication installed within the device itself, he adds. “The same authentication policy can be used for all different types of devices and can be pushed out across the network,” Bossom says. “This is the same way Windows Server pushes out updates using group policy.” This type of authentication means employees will have to enter a password every time they access the device. IT managers must ensure passwords aren’t easy for thieves to guess (“no one, two, three, four” says Bossom) and that employees haven’t taped the passwords to the device itself or placed it somewhere within their laptop bag, says Philip Farina chief executive officer of Farina and Associates, Ltd. (www.farina-associates.com), a security and risk consultancy for the hospitality industry. Sure it’s a hassle for employees to enter a password each time they check their phones for new emails, but doing so reminds them they’re using a workplace-issued device that includes confidential information, he adds. Of course an enterprise mobile device security policy will need to set out rules for use that may seem almost common sense, but having them in writing helps, Farina adds. He recommends IT managers warn employees against leaving their device in sight on a restaurant table or bar--employees should carry it in their purse, pocket, or a carrying case they have beside them at all times. When staying in a hotel room, lock the device in the safe or lockbox when not in use. To that end, ask employees to call ahead to ensure their hotel room will be equipped with a lockbox and that they select only hotels that include the feature, he says. They should also ask employees to keep the devices to themselves, the RSA Conference’s Thompson adds. “You have to take into account [the] social and free nature with which people pass these things around,” he says. “If it’s a work laptop, they might not let someone use it for a second to look something up, but with a smartphone, they’d be more inclined to hand it over to let someone call up a map or something.”
In Case Of Theft An enterprise’s mobile-device security policy should also outline the steps employees must take should their device go missing. “Usually that means contacting a response center or the IT department or someone else in corporate so the phone can get shut down ASAP,” Farina says.
The policy will also likely call for the IT department to install device protection on laptops and run software capable of remotely wiping information from stolen laptops, Absolute Software’s Midgley says. The tracking software relies on technology embedded within the chips produced by most major chip vendors, he adds. When a laptop is lost or stolen, the software syncs with the device’s chip--which includes GPS capabilities--when the device is connected to the Internet. This allows law enforcement to track and seize the device. The tracking software can also wipe the device remotely to remove all confidential business information, Midgley says. Such tracking capabilities are also available for smartphones, he adds. Policies needn’t be overly restrictive, Farina says. Mostly, they just outline good, common-sense rules for device use--coupled with specific hardware and software IT departments should use to safeguard sensitive enterprise information. by Jean Thilmany
Overseas Travel Here’s one unexpected tip for overseas travelers. Leave your enterprise-issued mobile device at home. Or bring a second laptop or smartphone that contains minimal enterprise information, says Philip Farina, chief executive officer of Farina and Associates, Ltd. (www.farina-associates.com), a security and risk consultancy for the hospitality industry. The risk of theft is just too high overseas, especially in some countries where thieves specifically target Western business travelers.
Copyright © 2010 Sandhills Publishing Company U.S.A. All rights reserved.
