Step Away From That Port

By Ben Halpert — March 02, 2009

"Hi Bob."

"Hi Bill."

"Whatcha got there?"

"This is my new T-Mobile G1 smart phone."

"Hey, nice screen, Bill. Cool keyboard, neat mouse control."

"Thanks! I just got it to sync with all my work emails too! Now I can be productive everywhere when I am not at my desk. Check it out Bob."

"Bill, I thought only BlackBerry devices could be used for company email?"

"That's what 'THEY' want you to think Bob. All I did was set my work email to auto-forward to my Gmail account. And, like magic, all my work emails are available on my G1."

"Bill, that's nothing! Look what I did on my new netbook."

"Bob, when did you get a netbook? I thought they were still pretty expensive?"

"Nah, I got this one for $348 out the door. With Windows! And check this out..."

"Bob that looks just like your work computer's desktop!"

"That's because it is Bill. I just plugged this USB drive into my work computer and it copied all of my data and settings onto this drive. Then I plugged the drive into my new netbook and BAM, it was all there!"

"Bob, you are such a showoff!"

"Our company is really forward-thinking when it comes to I.T. It's great they let us use any computing device for work!"


Do You Work With Bob And Bill?

Do you know a Bob or a Bill in your organization? If you don't, you are probably not looking hard enough.

Most employees do not take the time to search out your organizational policy on protecting sensitive information on mobile devices. (That is, if you have one -- hint, hint.) And, if Bob and Bill did find the correct policy, would it provide enough detail so they could make appropriate decisions?

If your enterprise is not prohibiting, restricting, or controlling the removal of organizationally sensitive information via USB drives, SD card readers, or other removable memory ports on organizational computing assets, then Bob and Bill would have no reason to believe that the actions they are performing are inappropriate.

Organizations have many options when it comes to protecting information that leaves computing assets via ports. Beyond policy and information security awareness, tools are available that enable organizations to monitor data leaving via ports, disable ports from being used, and protect the information leaving a machine via a specific port with organizationally controlled security measures (encryption and authentication options abound).

As for the email forwarding... well, that's another issue your company policy will increasingly need to address with the proliferation of "prosumer" smartphones.



Ben Halpert, CISSP, is an information security researcher and practitioner and writes monthly about security. Comments, questions & requests can be sent to him at editor@mobileenterprisemag.com; please include SECURITY in the subject line.


