How to keep mobile data secure

Computerworld - While the rise of the mobile data market has been rapid and lucrative, it has also led to a significant increase in potential security risks.
In the 1980s, companies were concerned that users would save customer or company price lists onto a floppy disk and take them to their next employer. Today, these same users not only can take that information, they can also take your entire customer database showing purchasing prices and history on a single USB drive.
Thanks to their large capacity, portability and simplicity, removable media have become one of the most popular types of storage devices among today's computer users. Vendors give away memory sticks at popular computer trade shows. If you take part in an IT training course, you might be given a memory stick loaded with your computer course notes. These storage devices are inexpensive, and they are fast becoming the preferred method to store business proposals, accounts, client details, marketing plans and other confidential company information.
Another security challenge is the arrival of fast Internet access in the office, which has made it easy for employees to use the company network to download files. Employees with bad intentions can pull down illegal content as well as install peer-to-peer networks on their desktop computers. With P2P installed, they can move files between the office and home on CD, DVD or other removable media. The danger to the corporate network is that file sharing through P2P exposes the company's internal structure.
Steps to secure removable media
While banning employees from bringing their personal USB drives or other removable media into the office seems like an obvious solution, it would be a very difficult policy to enforce. Removable media devices are so small they can easily fit into a pocket, briefcase or handbag. Short of instituting an invasive and unpopular search policy for corporate employees, it is practically impossible for organizations to keep these devices outside the company.
Instead, organizations need to develop and enforce company policies to protect the confidential data on these removable storage devices.
First, you need to work closely with your legal, compliance and management teams to determine the appropriate policies for your organization.
Second, you should consider investing in encryption technology to ensure the best security. There are several vendors with encryption products in the market. All have different advantages, but the technology you choose should have the following minimum set of criteria:

• The ability to enforce a security policy that locks down the device after a certain number of failed password attempts. This will protect against security breaches due to unauthorized users successfully accessing confidential data on lost or stolen mobile devices.


• A mechanism that ensures recipients of encrypted data can easily decrypt messages without having to install software on their computers. Users should be able to send encrypted messages to recipients who can decrypt the messages with a click of the button so that ease of use, total cost of ownership and security goals are achieved.


• An administration program that allows for the recovery of lost passwords so that employees have a way to gain quick and easy access to their devices when they forget their passwords and managers can keep password administration costs low. For example, an employee working at a remote location could call the help desk and quickly have his password reset and gain log-in assistance.


• Flexibility to work on a range of devices and removable media. For example, an organization may use a variety of laptop and PDA models but would still want a single comprehensive encryption product that provides endpoint security on all preferred mobile devices.


• Simple and easy-to-manage functionality.