A stolen laptop made public last week by the University of California, Berkeley contained unencrypted personal data on nearly 100,000 graduate students and applicants and is just the latest case to underscore the need for increased protection of personal information.
"Since mobile devices are subject to all sorts of threats including both technological [viruses, worms, spam] and physical [lost or stolen], it is essential that organizations that allow the use of these instruments devise corporate policies regarding their use and further document courses of action if exposed to these kind of threats," said Dave Wreski, CEO of Guardian Digital in Allendale, N.J. Wreski believes that the policies and procedures should include the following:
- Utilize advanced encryption and security standards, including Wired Equivalent Privacy (WEP) to minimize the occurrence of WLAN-related vulnerabilities;
- Password-protect all mobile devices;
- Encrypt sensitive documents that are stored on the device;
- Minimize access to sensitive internal information by using firewalls;
- Back-up data regularly on all mobile devices; and
- Implement antivirus software on all mobile devices.
Security and patch management on mobile devices is a most trying task for system administrators. With an ever greater number of corporations relying on mobile computing, this
When it comes to patching mobile devices, there are several methods an organization can adopt. According to Dr. Gary Hinson, CEO of IsecT Ltd. in West Sussex, U.K., "You can leave it to end users to self-patch, which is not very reliable, yet is the least costly option. You can distribute patches and updates when systems connect up by using Systems Management Server (SMS) or login scripting." Another option is to prevent further network access until the system is patched. While this is a better option than leaving it up to the user, it is also more difficult to configure and comes at a steeper monetary cost. To ensure compliance, "you can "sheep-dip" [mobile devices] every so often; i.e., insist they are brought on site to patch," Hinson added.
Another alternative is to maintain a DMZ [demilitarized zone] on
While it is important to have in place a wireless and mobile security program, it is equally important to also have secure server solutions to which these devices connect. In addition, be sure that all servers have their OSes and applications patched regularly and that AV and IDS signatures are always up to date.