Latest news
An IT Manager’s Insight into Mobile Security
by Magnus Ahlberg - Managing Director of Pointsec Mobile Technologies - Wednesday, 21 January 2004.
Golden Rule Number One:
You must have a mobile Use policy or ensure that your corporate IT security policy has specific provision for mobile devices and you update it whenever you adopt new hardware categories such as combined PDA/phones. The information that needs to be protected is the same, it is just different ways of storage it.
Golden Rule Number Two:
Take the responsibility of IT security away from the end-user and centrally manage and deploy it. Work on the premise that no-one can be trusted to safeguard their device. Wake up to the fact that they are just not interested in security.
Golden Rule Number Three:
Invest in a solution which is usable and flexible. Easy access and transparent encryption that does not slow down a user’s device is now available on the market – they’ll go to whatever measures to disable the device or buy their own if security gets in their way.
Golden Rule Number Four:
Have a blanket approach to security by owning every mobile device that leaves your office and make access control and encryption mandatory. DO NOT allow users to use their own mobile device to store company information. Don’t be fooled into believing that they are already protecting their devices with the “factory” password settings or encryption. Nine times out of 10 they won’t be. Record the serial numbers of all PDAs and similar devices including memory cards.
Golden Rule Number Five:
Be realistic with passwords – Users hate them! An enforced, long and difficult, password will result in them writing it down or forgetting it. If they can choose themselves, they will pick the easiest passwords they can such as their pet or child’s name, anniversaries or birthdays. You bet after a long Christmas holiday or annual leave they’ll make a call to the helpdesk to ask for a reset. One way around this is to dispense with the idea of passwords altogether. Pointsec has, for example, presented a new idea with their PicturePIN access control which consists of a series of pictures chosen by the user from a, randomly displayed, larger gallery. Instead of having to remember a password in order to access his encrypted information, the user simply points out the pictures corresponding to “his” story. Not only is this system just as secure as traditional passwords, but there are other advantages too. Its novel, so there’s more chance that people will want to use it. Plus, visual images are much harder to forget than faces. There is even a possibility to add your own pictures for your organisation. And just in case the user is tempted to write down his “password”, he’ll find it very difficult to do so.
So the thief who steals a machine and expects to find the password for the encrypted drive written on the base of the device is going to be sadly disappointed.
Golden Rule Number Six:
Become a realist – but still endeavour to educate your users! Accept the fact that users won’t take a blind piece of notice of security, however, don’t give up – send them a mobile security use policy – make them sign and return it by getting HR to work this policy into their appraisals. Try and make them streetwise but accept that they will still leave their mobile devices in the car, in airports and have them pick-pocketed in
crowded places.
You must have a mobile Use policy or ensure that your corporate IT security policy has specific provision for mobile devices and you update it whenever you adopt new hardware categories such as combined PDA/phones. The information that needs to be protected is the same, it is just different ways of storage it.
Golden Rule Number Two:
Take the responsibility of IT security away from the end-user and centrally manage and deploy it. Work on the premise that no-one can be trusted to safeguard their device. Wake up to the fact that they are just not interested in security.
Golden Rule Number Three:
Invest in a solution which is usable and flexible. Easy access and transparent encryption that does not slow down a user’s device is now available on the market – they’ll go to whatever measures to disable the device or buy their own if security gets in their way.
Golden Rule Number Four:
Have a blanket approach to security by owning every mobile device that leaves your office and make access control and encryption mandatory. DO NOT allow users to use their own mobile device to store company information. Don’t be fooled into believing that they are already protecting their devices with the “factory” password settings or encryption. Nine times out of 10 they won’t be. Record the serial numbers of all PDAs and similar devices including memory cards.
Golden Rule Number Five:
Be realistic with passwords – Users hate them! An enforced, long and difficult, password will result in them writing it down or forgetting it. If they can choose themselves, they will pick the easiest passwords they can such as their pet or child’s name, anniversaries or birthdays. You bet after a long Christmas holiday or annual leave they’ll make a call to the helpdesk to ask for a reset. One way around this is to dispense with the idea of passwords altogether. Pointsec has, for example, presented a new idea with their PicturePIN access control which consists of a series of pictures chosen by the user from a, randomly displayed, larger gallery. Instead of having to remember a password in order to access his encrypted information, the user simply points out the pictures corresponding to “his” story. Not only is this system just as secure as traditional passwords, but there are other advantages too. Its novel, so there’s more chance that people will want to use it. Plus, visual images are much harder to forget than faces. There is even a possibility to add your own pictures for your organisation. And just in case the user is tempted to write down his “password”, he’ll find it very difficult to do so.
So the thief who steals a machine and expects to find the password for the encrypted drive written on the base of the device is going to be sadly disappointed.
Golden Rule Number Six:
Become a realist – but still endeavour to educate your users! Accept the fact that users won’t take a blind piece of notice of security, however, don’t give up – send them a mobile security use policy – make them sign and return it by getting HR to work this policy into their appraisals. Try and make them streetwise but accept that they will still leave their mobile devices in the car, in airports and have them pick-pocketed in
crowded places.
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
