Darity Wesley is CEO and legal counsel of Privacy Solutions Inc., a San Diego based consulting company. You can reach her at 619/670-9462 or firstname.lastname@example.org.
Protection on the Go
Is your mobile device at risk of foul play?
February 1, 2007
The mobile devices that allow you to be available to clients 24/7 are among the weakest links in keeping sensitive information secure from identity thieves. As the widely publicized theft last year of a laptop computer with 26.5 million veterans’ Social Security numbers from an employee of the U.S. Department of Veterans Affairs demonstrates, the data we carry around every day on our laptops and PDAs is vulnerable.
With a stolen laptop in hand, thieves have the keys to an information gold mine. They can use passwords and cookies saved in its memory to gain entry to servers, secured Web sites, and restricted intranets and extranets. From there, they can access confidential company information (employee salaries, new product plans, or financial details) or a client’s personally identifiable information. But there are steps you can take to keep data safe without sacrificing mobility.
- Lock, key, and common sense. More than 80 percent of the laptops on the market are equipped with a universal security slot, which allows a laptop to be attached to a cable lock. When this cable is tethered to an immovable object, it keeps a laptop from “walking off.” You can purchase cables for as little as $30 at any office supply store. However, hard drives can sometimes be removed.
- Laptop alarms make an attention-grabbing ruckus when a thief tries to cut your laptop cable. Products such as the MicroSaver Alarmed Lock (http://us.kensington.com) cost about $55. Alarms can be heard up to 50 feet away.
- Antitheft software from providers such as Computrace’s LoJack for Laptops (www.lojackforlaptops.com)can track the location of a stolen laptop. The software ($49.99 annually) sends a silent alarm to the monitoring company (much like a home alarm) the first time a thief connects it to the Internet after it’s reported stolen. Then the monitoring service alerts law enforcement to the laptop’s location.
Securing your data
Even if your mobile device is stolen, you can still keep your data safe if you’ve implemented sophisticated password protections (see “What’s the password?” September 2006, page 50) or used encryption software. Most encryption software allows you to create encrypted “containers” on your computer. These data vaults let you store files from any program you’re running and keep them inaccessible to all but the most expert hackers. Adding files to these vaults is as easy as dragging and dropping. Software from www.truecrypt.org, which is free, or www.kryptel.com (free for 30-day trial) will allow you to encrypt files. Some operating systems already have this capability.
Another way to safeguard your data is to purchase a laptop or PDA equipped with a biometric authentication option. These systems, standard on some new laptops, scan your fingerprint and authenticate your identity before letting you access data. You can also add one of them to your current computer as a USB flash drive; the devices start at about $100. Sources include APC (www.apc.com) and Kanguru Solutions (www.kanguru.com).
If you use Bluetooth wireless broadband connectivity (see “Pull the plug,” page 44) on your PDA, keep it disabled when you’re not actively using it. Even when Bluetooth is active, keep your device in nondiscoverable mode. This will keep your device invisible from people casually scanning for Bluetooth enabled devices or sending you unwanted contact info, a practice called bluejacking. To set this mode on most phones, go to the Bluetooth menu and change the setting to nondiscoverable.
Finally, don’t pair your PDAs in a public place or pair with unknown devices. (Pairing is the process of setting up a trusted connection between two Bluetooth devices.) Hackers can monitor the process and attempt to regenerate your PIN code.
Unfortunately, vigilance and good security procedures are necessary today to keep your data safe. Don’t learn the hard way about identity theft.