March 03, 2011

FYI: Security on the Go

Along with the convenience of our increasingly mobile society comes the increased potential for loss and theft. Protecting your data often involves some very simple, common-sense steps, among these; use strong passwords, encryption, backup your data. and avoid unsecured public WiFi hotspots. This is especially true while on the go since data on your mobile device can be compromised on the go.
Password protecting your laptop or phone is your best first line security defense. If lost or stolen, a laptop or locked phone with a unique, quality power on password will deter a casual thief and protect the integrity of your data. However, to thwart more determined thieves, encryption of the data on the laptop hardrive or smartphone may be necessary. Services also exist which can help you track and remotely wipe the drives of laptops and smartphones.
WiFi connectivity to the Internet, while convenient and often inexpensive, is largely insecure. Even encrypted WiFi can be easily compromised according to Wikipedia. Resist using unsecured WiFi networks and use a mobile/celluar data connection on your smartphone, mobile broadband for your laptop via an AirCard or other device, or use a Virtual Private Network (VPN) to remotely use your office or home Internet connection and network. See the LTRC's article User Beware: The Risks of Unsecured Wi-Fi for more information.
Bluetooth technology is fairly standard and provides a way to connect and exchange information between devices within 30 feet of each other such as mobile phones, earpieces, laptops, printers, etc. over a secure, globally unlicensed short-range radio frequency. While convenient, it also makes mobile phones vulnerable to security breaches unique to Bluetooth. Bluejacking uses Bluetooth technology to send instant messages to strangers. Bluesnarfing uses Bluetooth technology to capture data (contact info, messages, etc) from Bluetooth enabled phones without the owner’s knowledge or permission. Webopedia refers to Bluebugging, which uses Bluetooth technology to take over someone’s mobile phone to make calls, send messages, listen to phone calls, etc. without the owner’s knowledge or permission. To avoid these breaches, disable Bluetooth on your phone until you need it (best) or make your device (phone) undiscoverable so that you can use your Bluetooth devices securely.
Getting a new phone? Catherine Sanders Reach of the Legal Technology Resource Center (LTRC) cautions, “Without properly discarding the information contained on the hard-drive, you may violate your jurisdiction's confidentiality rule. Just deleting everything on the hard drive probably is not enough, as the information can be easily restored and viewed. You should take reasonable additional steps to make sure the information remains confidential.” While the article referred to personal computers, the similar precautions need to be taken when disposing of a smartphone or cell phone. Wipe the hard drive and moemory card and read the manufacturer's instructions to reset to factory settings before selling, donating, or handing over to your teenager.
Mobile Phone Security

ComputerWorld - Ten dangerous claims about smart phone security
Yahoo’s Ten Steps to Cell Phone Security
Don't Let Your Employees Become Security Nightmares – from’s Legal Technology (Must register to see)
Aventail - Secures corporate smart phones
Bluefire - Security solutions designed specifically for wireless devices and smartphones
Trust Digital - A leading provider of enterprise smartphone security
Credant - Controlling the security of all things mobile
Mobile Armor - Enterprise mobile security
Echowork - Solutions considering the ethical, legal, and fiduciary duties of lawyers

FYI: Playing it Safe With Encryption

Also see our FYI: Playing it Safe With Encryption information resource, with information on e-mail, desktop and laptop computer system, and mobile storage encryption.