Security Risks, Hard Drives and Well-Meaning Employees
By Michael Barbella
Along with the rises in productivity made possible by mobile devices come increases in risks to corporate security.
"Securing information on mobile [handheld] devices is important because there's a big vulnerability with information that enterprises or individuals want to keep private," said Robert Egner, VP of product management and global marketing at Pointsec, a company that provides mobile data protection solutions.
"In the case of technology companies, they are focused on protecting their competitive advantage," Egner said. "That kind of sensitive information sometimes finds its way onto handheld devices or notebooks."
Sensitive corporate data is increasingly finding its way onto handheld devices that are lost or stolen--or even retired and sold on eBay. A survey conducted by the Ponemon Institute found that 81 percent of the corporate IT departments polled had lost or been robbed of a laptop or portable storage device. And 60 percent of those devices contained unprotected sensitive or confidential information.
These data losses can be notoriously costly. A survey from Symantec found that the average laptop contains data worth about $972,000. And a study released last fall by the Ponemon Institute said data breaches cost companies an average of $182 per compromised record, which represents a 31 percent increase over 2005.
"The burdens companies must bear as a result of a data breach are significant, making a strong case for more strategic investments in preventative measures such as encryption and data loss prevention," said Larry Ponemon, the institute's chairman and founder. "Tough laws and intense public scrutiny mean the consequences of poor security are steep--and growing steeper for companies entrusted with managing stores of data."
Managing the "stores" of data can be particularly difficult for companies when employees use their personal handheld devices, Pointsec's Egner said. Corporations, he explained, need to develop ways to protect sensitive data on employees' personal devices.
Companies must also readjust their data protection efforts. Egner said information stored on handheld devices is more vulnerable than the data stored on a corporate network. "There's been so much interest on network-borne attacks, but in about half of those cases, the network was attacked with credentials picked up from lost or stolen computers," he noted.
Pointsec recently unveiled a data protection solution that covers USB slots and removable plug-and-play devices that connect to computers or handheld gadgets. The Pointsec Device Protector combines USB port and storage device management from Reflex Magnetics' DiskNet Pro solution with media encryption to protect both removable storage media and email in transit by providing automatic real-time encryption.
The Device Protector prevents or limits data transfers to USB drives, Bluetooth smartphones, digital cameras or music players through a configurable security policy and content filtering.
"While organizations of all sizes are scrambling to protect their sensitive information through security solutions designed for networks, port security is one avenue of data loss at the endpoint that many IT managers are just now becoming aware of through recently reported data breaches," said Marty Leamy, president of Pointsec Mobile Technologies, Americas. "The risk of data loss through unprotected ports and plug-and-play storage devices is a serious concern among all organizations in possession of confidential data. Once this sensitive information is copied through a port to a storage device--whether it is by a malicious insider or a well-meaning insider who is unaware of the security policy--it becomes vulnerable to loss, theft and unauthorized use."