As with so many types of security, user education is a must, and even more so with Bluetooth devices because most organizations don't issue smartphones or PDAs to employees; individuals buy their own. While this may lower costs for the company, it means securing them is a purely voluntary act on the part of the end user.
However, as John Pironti, a security consultant at Blue Bell, Penn.-based Unisys, notes, "Organizations can still create security policies covering the acceptable use of any device used to store or access corporate information." So create a concise policy that covers any Bluetooth-enabled device.
FIVE BLUETOOTH SECURITY BASICS
Step 1: Learn the lingo
Step 2: Disable devices
Step 3: Authentication and encryption
Step 4: Acceptable use
Step 5: User education
ABOUT THE AUTHOR:
Mathew Schwartz is a freelance writer, editor, and photographer based in Paris, France. He regularly contributes information security and corporate compliance stories to Enterprise Systems, Information Security magazine, and IT Compliance Now. His work also appears in numerous other publications, including the Times of London and Wired News. Other recent work includes a 235-page usability report on the world's top 10 intranets, coauthored for the Nielsen Norman Group. Corporate writing clients have included life-insurance firm SBLI and Intel.