ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > IT Management

Mobile working Toolkit

Develop a security strategy for mobile working

Deb Shinder Tech Republic

Published: 19 Jul 2006 13:35 BST

…anyone who can log on with that user's account can read the encrypted files. By default, EFS stores the private key on the hard disk, but you can export it, delete it from the hard disk and keep it on removable media that you carry separately from the computer for better security.

You can also add an extra layer of security by requiring two-factor authentication to log on to the computer. This means the user must not only provide credentials (which a thief might be able to crack) but must also provide a smart card, token or biometrics such as a fingerprint.

Another solution is to use a third-party encryption product that supports strong algorithms. There are many software programs that will encrypt either selected files or the whole disk. Many of these also support two-factor authentication. Some laptops support hardware-level encryption, and some of these come with built-in fingerprint or smart-card readers.

Divide the goodies
Even if users aren't able to connect to the central server to access sensitive files, that doesn't mean those files have to be stored on the laptop itself. By storing the data files on a removable USB flash drive or a writable CD/DVD and keeping it separate from the laptop (not just out of the computer but in a different case) when it's not being directly used, you reduce the chances of a thief getting it, since he's likely to go for the computer case and not take your other luggage.

"Redact" that document
Another precaution you can take is to copy only partial records to the removable disk. Removing sensitive information from a document is called "redacting", and this can be done before an employee is allowed to take the document on the road.

Some databases will allow you to copy only selected fields, and workers don't always need information such as social security numbers in order to do their tasks. In fact, there is software that can scramble or encode those numbers so that if a thief gets possession of the document, the most sensitive information can't be read.

Other protective measures
If it's absolutely necessary to store sensitive information on the laptop itself, in addition to encrypting the data you can install software that will "call home" and/or shut down if an unauthorised person tries to log on. Some programs will even go so far as to delete and overwrite all the data on the disk when this happens.

Along with technological solutions, don't forget one of the most important preventative measures of all: educating employees about the importance of protecting their mobile computers and the data on them. Many thefts and losses occur because of carelessness.