Mobile business - the threat from within

I carry more than 2GBs of storage in my bag. All of it is in the form of USB memory sticks – giveaway promotions from various IT vendors on the assumption that I just love to take my work home on a stick.

  • E-Mail
By  Colin Edwards Published  June 18, 2006

|~||~||~|I carry more than 2GBs of storage in my bag. All of it is in the form of USB memory sticks – giveaway promotions from various IT vendors on the assumption that I just love to take my work home on a stick.

By work of course, I mean overtime in the form of a couple of 25kb Word files - jobs that would have been completed during normal working hours had it not been for the continuous interruptions from the very vendors that gave me the sticks in the first place. (So that’s why they gave them to me.)

Taking work home for other people, of course, means actually taking the business home – either legally or illegally and that’s becoming a real worry for not only IT managers and corporate security personnel. Now, the very same vendors who insist on developing mega gigabytes of memory and then giving it away to all and sundry or embedding them in their latest products are also getting alarmed about the threat mobile storage devices pose to their own businesses.

For example, according to reports, Samsung’s CEO has banned employees from using its latest phone at work because its 8Gb memory represents a security risk. It is said to be more than enough memory to store Samsung’s intellectual property – enough in fact to store about 1 million standard documents.

The action highlights the fact that CIOs can put in all the security they can afford to prevent external threats, but at the end of the day, the biggest threat comes from within. A growing number of companies – albeit still only 12% according to Pointsec - are now banning the use of mobile storage devices at work – and that includes the innocuous iPod, the latest mobiles and of course the USB memory sticks.

However, such banning doesn’t prevent stupidity, such as allowing or not preventing employees from carrying around key, unencrypted data in their laptops. The instances of them being lost or stolen are rising at an alarming rate and the scary thing about most of it is that it is companies like Ernst & Young, who preach the importance of data security, that are among the biggest victims – though the real victims are those individuals whose confidential details, such as social security numbers, were stored on the notebooks.

Probably the most stupid recent case is that of the US Department of Veterans Affairs employee who had personal information on as many as 2.2 million US military personnel, which was stored on disks and a notebook, stolen from his house. They ended up in the hands of a thief – hopefully a petty one who isn’t aware of the potentially powerful weapon he has just stolen.

Could it happen in the Middle East? Of course it could. Take a look at typical notebook users using wireless facilities at the region’s coffee houses. These aren’t idle Internet surfers. They’re business people conducting business while on the move. And move they do: up to the counter, to the facilities or outside for a cigarette. And where’s the notebook? It’s on the coffee table, waiting for someone to pick it up and run.

Unlikely? Maybe. Should it be grabbing your attention? Definitely. If you don’t believe it needs some urgent action just do a Google search on ‘notebook+theft’. It will come up with six million results. A similar search for ‘data+theft’ will throw up 80 million. That’s reason enough to consider reviewing and enhancing the security on your company’s notebooks and making sure that the message gets through that it is a company’s employee that need to be mobile, not the company itself.


Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code