Secure company data on mobile devices

William Collins, 37, president of NST, an information

William Collins, 37, president of NST, an information technology consulting and services firm in East Northport, recommends proper data encryption and firewall protections for mobile devices. (June. 14, 2012) (Credit: Nancy Borowick)

Jamie Herzlich

Jamie Herzlich

Herzlich writes the Small Business column in Newsday.

bio

Today, doing business on the go is the norm.

Thanks to mobile technology, business owners and staff can easily access files and data through their smartphones, tablets and laptops.

But a data breach or the physical loss of any one of these mobile devices can be catastrophic, particularly if it contains sensitive company and client data. That's why protecting your company's mobile data should be a top priority, experts say.

"If you don't have a proper way to manage and control the information on mobile devices, you're putting your customers and company at risk," says William Collins, president of NST Inc., an East Northport-based information technology services company that assists firms with mobile security.

Part of the problem is that many companies aren't even aware of the data being carried on these devices, he notes, adding that many employees use their own smartphones or tablets for business.

Devise mobile securityAbout 62 percent of smartphones used for business are company-owned devices assigned to employees, while 38 percent are personally owned, according to a recent study by the security technology company McAfee and the Ponemon Institute, which conducts research on privacy, data protection and information security.

Companies must establish mobile security policies, Collins says. He says NST has language written into its confidentiality agreements with staff regarding mobile security.

"Historically people don't think of tablets and phones as computers that can result in the compromise of data," notes Tom Olzak, a Las Vegas-based security researcher for the InfoSec Institute and author of "Just Enough Security" (LuLu; $34.95).

First, understand what data leave the company on mobile devices and who has access, says Olzak, who offers more on mobile security in his book, "Enterprise Security: A Practitioner's Guide." Excerpts of his advice are available at

resources.infosecinstitute.com.

Establish a mobile policy.

"To ensure employees behave in expected ways, management must document what is and is not acceptable behavior," he notes.

A mobile security policy should include such elements as passwords and whether employees are allowed to use their own devices to store data, says Rob Humphrey, director of global business development for security products at Kensington Computer Products Group, a division of Redwood Shores, Calif.-based ACCO Brands, Inc.

Password protection is key, notes Humphrey. Don't disable the password protection on your smartphones and tablets, he advises, and avoid leaving your device logged on if you're going to be away from it for an extended period of time.

Don't ignore physical security, either. For example, Kensington sells laptop locks and a wireless security tether that attaches to your keys or handbag and alerts you when you're separated from your phone and automatically locks the screen.

There are also programs available that allow you to wipe data remotely from your device. These include SOTI, AirWatch and MobileIron for smartphones, and BES for BlackBerry, Collins says. The programs also serve as remote monitoring tools for mobile devices, allowing a company to track them and block applications if necessary, he adds.

Foil would-be thieves

Beyond those protections, don't forget to have proper data encryption on sensitive information and firewall protections in place to keep intruders from hacking into your systems, Collins says. They should be just as robust if not more secure than what you'd have on your office computers, he notes.

And use common sense.

To avoid theft or loss, Ed Avizur, president of A.B. Computer Systems Inc. in Melville, a business-management software solutions provider, says when traveling he doesn't carry a laptop bag. Instead he puts his laptop in his carry-on "so it's not as obvious."

He doesn't store any "sensitive customer information" on laptops or smartphones, and the company makes sure to back up its mobile devices regularly so any lost data can be restored quickly, Avizur says.

The company also has its name and office phone number on all mobile devices, and takes added precautions when staff members travel.

"We make sure to carry the laptop and smartphone with us at all times," he notes. "And we don't leave them in our hotel room unless they are in a safe."


60%

Percentage of lost or stolen smartphones are believed to contain sensitive and confidential information.


Source: McAfee/Ponemon Institute