| morpheus9@fastmail.fm 2008-01-30, 7:33 am |
| Hopefully the following is of interest to the business readers of this
group. It is an extract from the ISO 27001 Newsletter (http://
www.molemag.net/17.htm), which is focused upon information security
issues for businesses and corporations.
It is fairly intuitive to read:
Mobile Phone Security
=============== =
The wide scale use of mobile phones for business purposes has brought
with it a raft of new and poential risks and exposures. These devices
can not only store voice messages (information), but text messages,
and often complex data, particularly with the advent of web browsable
smart phones.
It is hardly surprising therefore that there has been a gradual
increase in the number of security breaches and consequential business
losses resulting from cell phone theft or unauthorized access.
These issues are covered in a number of sections within the ISO 27002
standard. These include Section 9.2.5 (Security of Equipment Off
Premises) and 10.8.1 (Information Exchange Policies and Procedures).
However, most of the focus is applied within section 11.7.1: Mobile
Computing and Communication.
The general objective of this section is: "The protection required
should be commensurate with the risks these specific ways of working
cause. When using mobile computing the risks of working in an
unprotected environment should be considered and appropriate
protection applied."
This particular section offers specific guidance with respect to the
physical protection of the cell phone itself, cryptography of the data
held, backups of the data/information, and of course virus protection
(ref: smart phones).
We would argue that awareness is also a major factor with respect to
phone security. This type of device can very easily be taken for
granted, and the security aspects overlooked. The following is perhaps
a start point for a list to include in an awareness campaign for your
employees:
- Do not openly display a cell/mobile phone: keep it out of sight in
a pocket or handbag
- Always use your phone's security lock code or pin number
- Do not leave it unattended: keep it with you at all times
- Properly mark your phone with your zipcode/postcode
- If the phone is lost or stolen, report it straight away to the
police, your service provider, and your security officer
- If possible, avoid using it in crowded areas
- Be aware of your surroundings and the people near to you
- Make a note of your cell phone's IMEI number
Now is an excellent time to review this entire section (11.7.1) with
respect to the Cell Phones within your own organization. Our crystal
ball tells us that business losses due to security exposure in this
area are going to increase significantly over the coming months and
years. Hopefully, our subscribers will be sufficiently prepared to
avoid being one of the major victims.
|