Best Practice for Securing Mobile Handheld Devices
Introduction
The primary purpose of email in an organization is to relay important information to employees, stakeholders, and associates of the institution. Many institutions do classify how and in what capacity their computer systems are to be used. My employer, NC State University, uses the institution’s website as a means of communicating the acceptable use of email and computers while in the workplace. The website is meant to provide easy access to information should anyone feel uncertain about online activity. One can find all of the rules of conduct within the Computer and Network Use Regulations page. While some companies are stricter than others, it is sometimes acceptable to use workplace email accounts as a means of personal communication. However, because the same accounts are being used to transfer critical information such as documents, client information, and business transaction details, employers are exposed to a greater threat (Flynn & Kahn, 2003). Once information is transmitted outside the organization, without security measures in place, it can be easily misused for personal gain at the company’s expense. It can even be unknowingly intercepted by a third party. An effective approach to governing the use of mobile devices should include a well written email policy, a set of monitoring and security tools, and employee training.
Pre-Mobile security Practices
Traditional practices of securing email and data focus on desktop control, server restrictions, and monitoring tools. Desktop control includes decisions on which email client to use. Mozilla Thunderbird may be chosen for its security features like anti-phishing or remote image blocking. On the other hand, Outlook may be chosen because of its seamless email and calendar functionality. Some organizations choose to limit the size of incoming and outgoing email messages or the number of recipients emails can be sent to in a given period of time. This helps reduce the possibility that an account can be used to spam large numbers of addresses. Flynn and Kahn (2003) point out that misuse of company email is so pervasive that 47 percent of large U.S. employers review email messages. These controls are intended to monitor and protect information that originates from the company. However, the introduction of mobile devices have allowed for the evasion of such monitoring. If an institution has authority over company owned devices, then that institution is also the legal custodian of data originating from that device. Employers need to obtain temporary jurisdiction over personally owned devices that are also used for official business. The policies governing email in the workplace are ineffective if they do not encompass all devices that are used for business purposes.
To get an idea of the widespread use of mobile devices in the workplace, Pew Internet and American Life Project have performed a study of networked workers. Studies show that 19% of adult workers own a PDA, Blackberry, or other device and 25% of owners use the device for email. It is not surprising that data security is a huge risk when 57% of mobile device owners use the device
Build your tech library with our book giveaways.
Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne
The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!
