« Beware the Point-of-Sale Data Attack: A Podcast with Tripwire | Main | The Difficulty of Determining Security's ROI »

Today's security news is rife with seemingly continuous bad news about one massive data breach after another occurring because of a lost or stolen mobile device. And as mobile devices continue to get smaller and smaller, they only become bigger targets for today's crooks.

According to the 2007 CSI Computer Crime and Security Survey and found on Network Computing, half of all respondents indicated they had a laptop or mobile device stolen in the past year. That's why government has stepped in and in 35 states users must be notified if their customer or personal information has been divulged in one of these breeches.

So what to do? First of all, corporate policy should clearly limit the amount of sensitive data stored on mobile devices and should instead rely on secure remote access. And for data that must be kept on mobile devices, company policy should clearly define what data needs to be protected as well as the different safeguards that need to be applied.

And let's face it, encryption is still difficult and inconvenient, but because of the added vulnerabilities of mobile devices, limited encryption should definitely be considered. As Avi Baumstein writes at Network Computing:

"Building the capability into corporate data systems to exclude sensitive data from export, or even better, make it difficult to output to a portable format, perhaps by requiring managerial approval, is key to compliance. A database extrusion prevention system like those we recently reviewed can help here."

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2902