Friday, May 07, 2010

DO YOU SECURE THE MOBILE PHONE OR THE DATA IN IT?

No other device in recent history has become as ubiquitous and pervasive as the mobile phone, and the growth rate of mobile computing in Kenya shows no signs of abating. It is now possible to blog or twitter from your mobile phone. Many Kenyans have been seduced by the informality of social networking sites (e.g. Facebook) or chat rooms into inadvertently revealing personal or corporate data that should have remained confidential. This has been done through mobile phones.

It is often perceived that the hardware is the most valuable component. What we fail to note is that the data the phone contains, transmits and receives is inherently more valuable than the phone itself. We need to change the approach we take to mobile data security.

We should no longer make the mistake of focusing on the device rather than the data. This problem is especially critical for companies. Individuals will at worst lose personal contact details. But if the phone or laptop was company-issued, the repercussions would be far-reaching.

For companies that have distributed PDAs or Blackberries, an Acceptable Use Policy (AUP) should be formulated and implemented. This policy should, for example, regulate the number of different devices used within the company. It should also be sensible. Including a ban on the use of USB sticks in this policy is not sensible. Requiring that mobile device encryption is used to protect mobile data is a sensible component in any AUP.

Another approach, albeit slightly radical, is to simply not allow sensitive data to reside on personal devices. Even if this sounds draconian, most users of these devices would struggle to come up with adequate reasons why most of their data cannot be stored on the central server. This approach addresses Data Leak Prevention (DLP) by allowing organizations to see exactly where key, confidential information is stored and how it is used.

It is also possible to monitor and ensure that data does not leave the network boundary through PDAs, USBs or other media devices.

As an individual you should also have your own mobile security strategy. It can involve using mobile encryption, tagging or frequent deletion of vital e-mails.

Data security in mobile devices has recently come into sharp focus due to the rich data hunting ground provided by the increasingly powerful mobile phones and laptops we carry around. Get ahead of the game by formulating a mobile security strategy for yourself and your company.
