Basics

Protecting the Mobile Workforce

Seven ways to safeguard your company's roaming data from thieves, hackers, viruses and just plain stupidity

By Stacy Collett

Employees might think that the chances are slim that a lost laptop, cell phone or PDA will actually fall into enemy hands. But the doom factor increases exponentially if it happens at a business conference or trade show. "If you lose your hard drive or flash drive there, the chances of someone picking it up and knowing what to do with it are pretty good!" says Jack Gold, president and principal analyst at J. Gold Associates.

"Know that you are going to lose assets," Luallen cautions. "So protect it so that somebody else can't read it. Then make sure it's backed up somewhere." Security analysts offer their advice for protecting employees' mobile devices from thieves, hackers and just plain stupidity.

1. IT should control the outbound

"You need to start treating these [mobile] devices just as you would your PCs," says Stacy Sudan, research analyst for mobile enterprise software at IDC (a sister company to CSO's publisher). "They are minicomputers, and you need to treat them that way. Security is clearly a part of that." That means centralizing a mobile security strategy and tying it to the broader corporate security strategy.

Identify what information is being accessed, tag it as sensitive or unclassified and then control its dissemination.

At health benefits firm Cigna, in Philadelphia, several hundred systems contain sensitive health and financial data protected under HIPAA and other regulatory guidelines. CISO Craig Shumard uses role-based access software from Aveksa to determine which of the 27,000 employees are granted access to these systems.

"We really restrict access to our resources to Cigna machines," including 9,000 laptops, Shumard says. "We don't allow folks to attach using their home computers. We only allow BlackBerrys as the approved device for remote e-mail and phone. We don't allow people to have their own phones and e-mail connections." In B2B cases, the company requires VPNs or other types of security mechanisms, he adds.

2. Add another layer of security

Most companies should look for three capabilities in their mobile security software: authentication, wipe-and-lock features that can remotely render the device useless and encryption, Sudan says.

"If you have some kind of power-on password, the thief can't even get into the thing - that's a good first step," says Sudan.

She also recommends adding the ability to wipe or lock the devices remotely, but Luallen cautions that unless the feature is activated quickly, a would-be intruder could simply pop out the battery and deny any access to the device.
