|
The Mobile Workforce - The Weakest Link
The use of handheld computers is estimated to grow by more than 50 percent in the next few years. The Gartner Group forecasts that more than one billion handheld computers and mobile telephones with wireless network connectivity will be in use globally by 2003. This surge in use of mobile devices means that companies need to make sure their growing mobile workforce use devices that are secure so that handhelds do not become the weakest link in their security system.
More people are working "on-the-move" using powerful laptops and handhelds to store increasing amounts of valuable and confidential data which if lost or stolen can put a company at serious risk of sabotage, exploitation or damage to their professional integrity. Take the case last year of the jet fighter who lost his laptop allegedly containing 100's of unencrypted top secret diagrams. It was brought to the world's attention when a national newspaper handed the laptop back to an embarrassed MOD representative. This case highlights the importance of securing information held on mobile devices if it is of a sensitive or confidential nature. Even when PDA and laptops do have a security device automatically installed users often try to circumvent them due to the time and "hassle" factor associated with using them. Once turned off, these devices become 'easy pickings'for anyone to get at confidential information or even use a stolen handheld to get through the corporate firewall and into the main corporate network. So what can be done to secure the mobile workforce?
8 STEPS TO SECURING YOUR HANDHELD
1. A workable security policy needs to be put into place with the most important factor being to communicate the policy to the workforce. Staff must be told about the security implications of mobile devices, and told what action will be taken if employees ignore this policy.
2. Fast and easy to use access control systems and encryption devices should be put in place on all mobile devices, which cannot be circumvented by the user.
3. Use dynamic passwords or certificates for secure remote access.
4. An audit needs to be carried out to find out who in the company is using a mobile device and whether it is owned by the company or the employee.
5. Staff should not be allowed to use their own mobile devices to store customer and company information on them, unless they have been installed with the company security system.
6. Use a security product that is compatible with all mobile devices and software versions, which can be managed centrally.
7. Avoid using products that leave the user to make security decisions - users will ignore or find a way around the system.
8. Make sure that if handhelds are used, that they are protected with up to date software, which can defend against known security loopholes.
|
