Mobile devices may pose greatest threat to confidential data


A white paper written by not-for-profit IT security association ISACA claims to show that smartphones and other high-end mobile devices pose a serious threat to confidential information, since they effectively allow insider access to the company IT network.

The use of wireless networks, which are typically less secure than wired networks, leaves information at greater risk for interception.
Mobile devices, says the research, can also be the targets of malware attacks as employees carry them beyond the protection of their company’s network. Lack of enterprise control of physical devices, along with the growing practice of employees using personal devices for business, has increased mobile device risk levels.

According to Christos Dimitriadis, the lead author of the ISACA report and a respected technology expert in Greece, the threats posed by smartphones are very real since the handsets are now coming under attack by a new generation of malware.

So what is the solution?
Dimitriadis says that the answer is a holistic approach to defending the company resources against smartphones, since malware and data leaking issues are problems that can be countered using a positive approach to security.
Whilst authentication and encryption clearly have their place in the mobile security arena, the ISACA professional says that a governance framework such as ISACA’s COBIT or Risk IT will help businesses to ensure that process and policy changes are implemented and understood.

The white paper goes on to say that mobile technology can offer enterprises several highly valued benefits – from increased productivity to better customer service – but it is important to recognise that these benefits can be realised only if the enterprise manages the technology effectively.

Avoid identity theft


Internet criminals want your data
Your identity and your reputation are very precious. Here is our advice about how to look after them online.
Online crooks will try to trick you into giving them your information, for example by sending fake emails with links to convincing but fraudulent websites. They want to spend your money, tap your bank account and use your credit cards.

Protect yourself against this kind of phishing and spoofing:
• Block unwanted spam email – this will also block most phishing emails.
• Use a modern web browser that will warn you against known phishing websites.
• Don’t give away your password or any other personal information.

Remember that there’s no delete button on the internet. If you publish something, even if you delete it later, you have no control over how it is stored, copied or archived. Think twice about publishing something you might later regret.

Choose strong passwords – using a mix of several words, letters, numbers and punctuation. Use different passwords for different sites to make it harder for identity thieves.

You also need to be careful about the information you give away about yourself online. For example, be careful about giving away too much information on blogs and social networking sites like FaceBook, Twitter or MYSpace. Identity thieves can piece together your identity from public information piece by piece like putting together a jigsaw.