
Mobile Computing Security Problems Exist Throughout the World

Every day, literally, I read news reports about lost or stolen laptops. Today is no exception. The news report, "A Misconfigured Laptop, a Wrecked Life," chronicles how one man had his first work laptop stolen, and then he was fired when the second work laptop he was issued as a replacement was found to have pornography on it...either it was pre-loaded when he got it, or lack of prevention software allowed someone to remotely load it on his computer while he was online.

It is very important to provide training and ongoing awareness communications to personnel about the risks of mobile computing and how to protect mobile computers, as well as implement protections for mobile computing devices.

In my June issue of "IT Compliance in Realtime" I cover this topic in the second paper, "What to Tell Personnel: Mobile Computing Security and Privacy."

Here are the first couple of sections from that paper...

---------------------------------------
I've written for many years about the risks of mobile computing. Over the years, the risks have continued to increase at a much greater rate than the rate of organizations actually being proactive to mitigate the risks of mobile computing. For example, all the following were reported in the news on the same day--

May 19, 2008:

  • LPL Financial notified the Maryland Attorney General's office that on April 10, 2008, a laptop containing data about 2800 employees of LPL and its affiliated companies was stolen from an employee's car in North Carolina. The personally identifiable information (PII) stored on the laptop included names, Social Security numbers, employee ID numbers, and other employee financial compensation information.
  • Sodexo, Inc., an integrated food and facilities management services provider, reported that a laptop stolen from an employee's vehicle in Montgomery County probably contained the names and Social Security numbers of 919 residents of Maryland employed by the company, in addition to information about employees from other states. They were "not sure" if the information was stored on the laptop, but it was a good possibility.
  • Bearing Point Management & Technology Consultants reported a laptop was stolen from an employee's vehicle on April 11 that contained PII about all its employees, including first and last names and Social Security numbers.

And I could add many more examples from the same day to this list!

Mobile Computing Security Problems Exist Throughout the World

This is not just an issue of concern within the U.S.; mobile computing security must be addressed throughout the world. There have been several reports in the U.K. of thefts and losses of mobile devices and storage media, such as laptop computers and USB drives containing the medical details of National Health Service (NHS) patients. A 2008 report indicated at least nine NHS trusts have lost patient information. Following these losses, it was widely reported that the chief executive of the NHS instructed all NHS chief executives to implement effective safeguards for laptops, CDs, and USB pen drives. In November 2007, the U.K. Information Commissioner recommended that health professionals who have inadequate security, for example by leaving a laptop containing unencrypted patient information in a place where it is stolen, should be prosecuted for breach of the Data Protection Act (DPA).

---------------------------------------

I'll post some more sections from the paper soon!


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.