Portable Data - Enjoy The Convenience, Manage The Risks

Today, there are more options for those of us who need to take data out of the office. We can take gigabytes of reports, images and presentations anywhere. More people are using USB memory sticks as their capacities increase and the price per gigabyte continues to fall. The preponderance of pocket sized multi-gigabyte storage media has enabled employees to put confidential corporate data at risk of loss and theft. Research by Centennial indicates that two thirds of people who have used a memory stick have lost one at some point, and that of those lost, 60% had critical business information stored on them.

Oh Data, Where Art Thou?

Losing portable computers and data has been a problem for years, but today there are more electronic files "on the move" and the consequences of loss can be more severe. Some states and regulatory agencies require companies to report the loss or theft of sensitive data such as client records.

Companies should have strong security policies that address risks such as those posed by portable USB drives, says James McQuivey of Boston University's College of Education. Preventing outside intruders is no longer sufficient. "Recent FBI CyberCrime Statistics reveal that 75% of all information security breaches are attributed to internal sources, " says Donna Kemp of T3i, an Atlanta firm that trains and assists companies with information security and regulatory compliance issues. "Without sound policies that employees understand and use, even the smallest of companies are at significant risk of non-compliance or litigation."

A Few Simple Steps

There are ways to protect portable data. First and foremost comes common sense. Whenever you take data with you, know where your data storage devices are. Consider a theft deterrent such as a cable lock or portable alarm if you must leave your laptop unattended at times. Laptops are stolen from airport security points, offices, hotels and vehicles. In addition to policies and precautions, consider using these security measures:

Authentication devices: A small token that plugs into the USB port can be used to prevent unauthorized access to a laptop. If you use this type of authentication, don't store the token in the laptop case, and be sure not to lose it. Biometrics readers, such as thumbprint scanners, provide more sophisticated security. Sony and Lenovo make laptops with these built in.
Encryption: Encrypting sensitive data is wise, especially if you travel with files or send them in email. There are solutions for encrypting data in Blackberry and other PDA's, portable memory sticks and email. One method is to use the Encrypting File System that is included in Windows XP. Commercial options are available for File- and Folder-based encryption, Full-disk encryption, and policy-based encryption.

Effective use of encryption will thwart the efforts of most would-be data thieves. Just as important, it will get the person whose data is hacked or lost "off the hook" of regulatory compliance, according to Erika Koster, a partner in the intellectual property group at Oppenheimer Wolff & Donnelly, a Minneapolis law firm.
Password Protection: If you plan to store sensitive data or valuable intellectual property on a USB memory stick, choose one that provides the option for password protection. Use a complex password, and keep a record of it in a secure place.

Combining password protection with authentication, encryption or both provides much stronger security. Lenovo has implemented a combination approach to security in a new series of ThinkPads. Both login and data encryption are controlled by a biometric reader, which verifies the owner's thumbprint before allowing access.

In addition to these measures, threre are reactive options. Laptop tracing is a fee-based service ($18 - $60 per year) that tracks the computer's location by an IP address or phone number. Device Reset and Remote Kill are software features that eliminate data in Blackberries and other PDA devices in circumstances such as failure to "phone home" for a prolonged period or repeated entry of invalid passwords. One of the benefits of implementing Blackberry Enterprise Server is that the network administrator can wipe data from a stolen Blackberry immediately after notification that it is missing.

If your business is considering deploying Blackberry or other mobile data communications solutions for your workforce, contact Leapfrog Services at 404.870.2122 or at www.ribbit.net. Our project management team will be glad to provide a needs assessment and to help you evaluate options. We can implement your chosen solution and provide ongoing technical support.

Blackberry is a registered trade- mark of Research In Motion Ltd.
Windows and XP are registered trademarks of Microsoft Corp.

This article originally appeared in the October, 2006 issue of FrogTalk.