Handheld Security
Compute safe and secure and don't let the bad guys get you
Now is the time for your company to establish an enterprise-wide mobile
handheld security plan.
Paris Hilton may grab the headlines when hackers steal personal
information from her cell phone, but all users of wireless handheld
devices should know their personal information and private data
may not be private for long. And, as more and more of us use PDAs
and smartphones for job-related tasks and functions, security
breaches are quickly moving from the realm of theory to corporate
reality! The damages are no longer just personal inconvenience
but can include data theft, private information broadcasts on
the web, significant personal expense, and corporate network vulnerability.
Indeed, as the "office" is defined less by a physical space and more by
the location of its employees at any given time, the security
of data held on PDAs, cell phones and mobile devices has become
a top concern for CIOs and IT managers in businesses and organizations
of all sizes.
As a reader of Handheld Computing, you know that today's cell phones
and PDAs have the same functionality that notebook computers had
just a few years ago. Like notebooks, they send and receive email
and instant messages (IM); offer access to the Internet, storage,
and processing capabilities; and run software applications. And like
notebooks, they are highly susceptible to security threats. In
fact, with wireless capabilities such as Wi-Fi, cellular networks,
and Bluetooth, they are even more vulnerable because they are
always attached to public networks along with millions of other,
unknown users.
IDC projects an astounding compounded annual growth rate of more than
85% through 2009 in the number of converged mobile devices and
smart phones sold to businesses and individuals. At the same time,
IDC points out that broadband WWAN is becoming widely available,
estimating a compounded annual growth rate of about 47% through 2008.
This is good news for your company or business as it deploys PDAs and
wireless networks to enhance the productivity, efficiency and
responsiveness of employees. But the good news is tempered by growing
security concerns. In February, IBM said in its Global Business
Security Index Report that a surge in the number of viruses and
worms threatening data on PDAs and other mobile devices should
top the list of concerns for IT departments in 2005 and beyond.
Bottom line: because PDAs and cell phones are playing an increasingly
vital role in your job and in your company's success, your company's
IT managers must treat their protection with the same level of
concern afforded desktop and laptop computers.
Fortunately, a number of security measures to safeguard handheld devices are
beginning to emerge. Following are ten key steps your company
should take to address wireless vulnerabilities:
- Define a handheld security policy. Organizations of all sizes
should conduct a thorough vulnerability assessment to identify
assets and risks. Results will help to define an acceptable use
policy for handhelds that coincides with policies regarding desktop
and server use.
- Centrally enforce/monitor handheld security. Security parameters
should be configured according to an organization's security policy,
with handheld security logs archived to enable centralized surveillance
and reporting.
- Enforce power-on passwords. Perhaps the biggest risk associated
with handhelds is that no power-on password is required by default.
At minimum, the use of a built-in PIN number, standard on most
handhelds, should be centrally enforced.
- Block unauthorized handheld network activity. Mobile firewall
software, configured specifically for handhelds and designed to
minimize the amount of memory required, will defend wireless devices
from both common network attacks and attacks specific to handhelds.
- Detect handheld intrusions. Intrusion prevention software
also can detect and stop registry/attribute tampering, execution
of malicious code, and software failure -- all of which can disable
virus scanning, change firewall rules, or ride VPN (virtual private
network) tunnels into the corporate network.
- Protect handheld integrity. Anti-tamper products can detect
unauthorized changes to sensitive data and alert users or block
access to secure resources.
- Encrypt sensitive data. Users should be prohibited from storing
certain types of data on the device (e.g. credit card, bank account,
or social security numbers, health records, and proprietary business
information). When sensitive information must be stored, a data
encryption product can be used to reduce risk if the handheld
is lost, stolen, or hacked.
- Protect traffic sent and received by handhelds. Encrypted,
authenticated VPN tunnels can be created to ensure privacy and
integrity of communication between handhelds and connected networks.
- Detect and eradicate viruses. Anti-virus solutions should
be used to detect viruses, worms, and Trojans, particularly if
Wi-Fi or wireless carrier networks are being used to update email,
contacts, calendars, or access the web.
- Back up data regularly. As with any computer, frequent back-ups
can reduce loss of data and downtime if a handheld is lost, stolen,
wiped clean, or damaged.
You already know the personal productivity gains afforded you by your
handheld computer. The emergence of mobile and wireless applications
similarly represents a new and exciting chapter for your company
or organization. You can help ensure the story does not turn into
a tale of horror or a tragedy by advocating for a plan that incorporates
these straightforward, cost-effective security measures. Addressing
security threats head on is not an option, but a requirement,
for any enterprise that wishes to leverage the most from its wireless
network.
-Mark Komisky is the Co-Founder and CEO of Bluefire Security Technologies,
headquartered in Baltimore, Maryland. To learn more visit www.bluefiresecurity.com
or call (410) 637-8160.