Every week the news seems to bring us examples of the scale of vulnerability businesses face by not taking mobile security seriously. Financial services giant GMAC had to inform nearly 200,000 customers that two laptops stolen from the car of a GMAC employee contained customers' names, addresses, dates of birth, Social Security numbers, credit scores, marital status, and gender. And IBM...
-- has recently demonstrated that with a mere $200 worth of microphones an enterprising hacker can actually "hear" your keystrokes as you type. With a decipher program, presto, they’ve got your passcodes or any other sensitive information you’ve typed.
When it comes to IT security, many organizations struggle to deal with the basic security of their traditional systems and their wired networks. Adding mobile and wireless technologies to the picture is sure to add a whole new layer of stress.
Assessing your Mobile and Wireless Security Index
The first place to begin assessing your MSI (mobile security index) is with physical security of unwired devices. The theft or loss of a laptop is still the most frequent problem in mobile security. The cost of the machine, let’s say $5,000, is a rounding error compared to the value of the information that’s inside.
Moving beyond physically losing a device, there are also security issues generated in the network layer because of wireless LANs (WLANs), Bluetooth and infrared data transmission, and various other mobile/wireless platforms that are already common in many businesses. Tech-savvy employees equipped with smartphones, PDAs and notebooks are installing their own WLANs without gaining the permission of the IT department. No knowledge…no security.
Developing a Secure Solution: Process and Technology
The right solution for your company results from a thoughtful, structured approach to risk management. Effective IT security is a process that includes technology, not the other way around. The new and still-forming art of mobile defense must absolutely be tied into your company’s overall security strategy. As PDA operating systems like Windows CE evolve, the same protective logic that applies to your office-based computers applies equally to your handhelds.
The good news is that an affordable and effective security program can be put into place in relatively short order if you make it a management priority and assign the resources to get it done. Again, most companies are stretched and don’t have the in-house bandwidth or skill sets to address emerging mobile threats along with everything else they’re doing to run their businesses. That’s where outside expertise can be invaluable.
Give me a call. I’ll show you how to keep people like me out of your computer systems.
About the author: Chris Doggett is the Senior VP of FireTower, a CBE Technologies company focused on providing information security solutions to US companies.
