Out-Law / Your Daily Need-To-Know

Out-Law News

Hints and tips on securing your mobile workforce


An employee losing a laptop or PDA containing confidential company information is a significant risk for companies with a mobile workforce. A security software company specialising in mobile computing devices has compiled a list of hints and tips for employers.

In a PDA Usage Survey conducted earlier this year by Pointsec Mobile Technologies and Computer Weekly, one in ten people admitted to keeping all of their confidential information on their PDA, with 72% admitting to using their PDA for company use, and a quarter using no security to protect this information.

Kurt Lennartsson, senior VP of Strategy with Pointsec, said:

"When these devices contain company information and they disappear without having adequate security, it's a little more than inconvenient. Companies need to recognise that data is a company's most valuable asset."

Below is Pointsec's list of hints and tips on securing your mobile workforce:

  1. Create a mobile device security policy specifically designed for handheld devices.
  2. Create an awareness program to make the new policy known within the organisation. Staff must be told about the security implications of mobile devices, and what actions will be taken if the policy is ignored.
  3. Never rely on techniques or products that allow the user to make security decisions. All security settings should be maintained and controlled centrally.
  4. Require Enforceable Mandatory Access Control on all devices as the first line of defense. Users should not be able to disable the access control put in place.
  5. Purchase PDAs for employees. Never allow users to connect their personal devices to the company network. Company ownership is a pre-requisite for maintaining a strong security profile.
  6. Standardise on a few brands of devices and support only a few mobile operating systems. Too many devices and operating systems will multiply your worries. Knowledge of device and operating system internals is key to keeping up with vulnerabilities and knowing how to fix them.
  7. Use Password/PIN standards. Specifically consider device input and screen limitations in the policy, as small screens and the lack of easy-to-use keyboards do not make regular passwords easy to use. Consider use of two-factor authentication: something you know, like numeric or picture-based PINs, in combination with biometric or signature recognition technology.
  8. Approved devices need to carry their own defenses. You need to think about each device and removable media as a self-contained unit that will contain confidential data and therefore needs to be protected adequately. Consider automatic and user-transparent encryption on all data on a mobile device and removable media.
  9. Track and label devices. Treat mobile devices like desktops and laptops, labelling them and keeping records.
  10. Treat wireless like internet. Use a VPN (virtual private network) on top of WEP (the Wired Equivalent Privacy algorithm) to connect to the internal network. Consider the use of one-time password tokens or certificates for opening VPN connections. A personal firewall will soon also be needed for mobile devices as the number of applications, services and ways to connect increases.
  11. Select and deploy an anti-virus product that works in conjunction with the anti-virus products already in place in the organisation.
  12. Set standards for centralised controlled synchronisation products to ensure that only approved applications are used and that important data is backed up automatically.
