Handheld Devices Vulnerable to Data Theft
You may be vulnerable if you use your BlackBerry to store computer passwords or keep sensitive information about clients or friends.
Tuesday, July 24, 2007
Sue Vorenberg - Scripps Howard News Service
Most people can list the contents of their wallet easily: a driver’s license, credit cards, maybe some photos of the kids.
Some keep lists of that information at home, to protect themselves if their wallet gets stolen.
But what about the contents of your cell phone? Do you know what information is in it? Would you know what to do if a thief took that information?
Most people don’t. But you should if you want to protect yourself, said Barney Maccabe, chief information officer at the University of New Mexico.
“This is an area of interest and a growing problem,” Maccabe said. “There’s a lot of personal information in small electronic devices that we’re not necessarily aware of.”
People carry unlisted phone numbers, personal information about themselves and their families, bank identification and sometimes Social Security numbers on cell phones or personal digital assistants such as the BlackBerry.
Think you don’t? If your phone has a Web browser and you use it to check your bank account, you’re probably vulnerable, Maccabe said.
You may also be vulnerable if you use your BlackBerry to store computer passwords or keep sensitive information about clients or friends.
“A lot of people use Bluetooth now for wireless,” Maccabe said. “It’s not particularly secure, at least not initially. It is possible to walk by somebody and have your phone talk to their phone without doing anything.”
That trend will likely be amplified in coming years as the use of smaller devices like PDAs and cell phones becomes even more prevalent, said Jeff Gassaway, security administrator for central computing at the University of New Mexico.
But ultimately, it’s not the devices themselves that are the problem — it’s the way people think about them.
“Awareness is the issue,” Gassaway said. “It’s a universal problem. You have to think about what information you really need on that device and weigh it against the security risks.”
Encrypting data - scrambling it so it can only be accessed with a password or a series of steps — is one solution. But too much encryption can keep your information from being useful, said Art Hale, chief information officer at Sandia National Laboratories.
“One of the challenges we need to overcome is how to recover data if we put in place a policy where all data must be encrypted,” Hale said. “Then somebody who has a laptop and forgets their password has a bigger problem. How can we reinstate the password and get the data back if everything is encrypted?”
One of the things security officers have to do is admit there will be problems and figure out how much information they’re willing to lose, Hale said.
“If you expect employees to work off-site, you have to protect your property and information,” Hale said. “But you also have to acknowledge that things will happen.”
Securing cell phones is a whole different problem because protection methods aren’t as well-developed yet, Hale said.
When those get stolen, the best thing to do whether it’s a personal or business phone is call your cell phone provider and also fill out a police report, Maccabe said.
“Another thing to remember about a cell phone or electronic device is that you should be careful when you throw them out, because your data is still there,” Maccabe said. “If you get a new phone, you should recycle your old phone but make sure whoever gets it will take care of your security information.”
Cell phone companies should also be able to tell you what sort of encryption is available for your phone, he said.
But no matter how the technology evolves in the future, Maccabe said, the best advice will always be the same: Just pay attention.
“In some senses, this is all new; in other senses, it’s not new at all,” Maccabe said. “I can remember 35 years ago people worrying about credit card receipts being stolen from restaurants or from the trash. Education about that taught us all to buy shredders. This is really just the next step in that evolution.”
(Contact Sue Vorenberg of The Tribune in Albuquerque, N.M., at www.abqtrib.com.)
Photo Copyright Getty Images
Technorati Tags: PDAs and cell phones
