Sunday, August 24, 2008

Protect Your Mobile Computing and Communication Devices in Any Location

Many users and organisations have blatantly ignored recommendations for protecting mobile devices, thus exposing themselves, their businesses, their customers, and often employees to harm, alleges information security portal ZDNet.co.uk. In particular it cites the risk posed by hotel networks and unencrypted data on laptops.

ZDNet offers five useful pieces of advice:

1. Store only what you absolutely need

This is the first rule of data leakage protection. Why carry around customer spreadsheets, financial data, or plans for a new product/service if you don't need them while out of the office? Absent information can't be compromised.

2. Protect data passing over public wired or wireless networks

The best way to prevent casual or directed packet snooping on public networks is packet or session encryption, even if encryption is limited to only traffic between the end-user device and a traffic encryption service provider on the internet. For ultimate protection, use only SSL connections to check email or access company information. When this isn't possible, online services, both free and for-fee, can fill the gap. Two examples are MegaProxy (fee-based) and AnchorFree (free).

3. Configure devices to block external snooping

The first step in establishing a security perimeter around a device is configuration of a firewall. Personal firewalls are free on laptops running Windows XP or Vista. These solutions provide minimal protection against intruder compromise of your mobile system. More complete protection is available in security suites, such as those from AVG, McAfee or Symantec. Firewalls are also available for many handheld devices, protecting contact lists, email, and other sensitive information commonly found on PDAs and smartphones. The second step is configuring Bluetooth, on laptops and handhelds, to block all unauthorised access. Bluetooth threats and secure configuration information are covered in "Secure your Bluetooth wireless networks and protect your data". No laptop should be unnecessarily exposed because it lacks anti-malware protection.

4. Encrypt sensitive information on the device

Laptop theft reports make it clear that many users and organisations haven't got this message yet. Laptop encryption doesn't have to drain your budget. Solutions such as TrueCrypt provide effective, free file and full-disk encryption. If you need a more centralised approach to key management, lost data destruction, or data recovery, online services such as Beachhead or more traditional systems such as PGP can help.

5. Back up critical information

All business-critical information should be copied to an alternate location. Even mobile users, who might not connect to the company network every day, can be protected against data loss with online solutions such as Symantec's backup.com or with Amazon.com's S3 service, supported with client software such as Jungle Disk.

Source: http://resources.zdnet.co.uk/articles/features/0,1000002000,39457680,00.htm

Don't let the Data Commissioner name and shame your company because a mobile user loses data!!!

ARC Training's next Information Security Workshop (which also forms part of the university-accredited Security Management Stage 1 Course) takes place on 24th November in the UK. For more information click here: http://www.arc-tc.com/pages/one_day_workshops.asp#c8