Date: October 31, 2007
Subject: Securing Mobile Data
Much has been
said in recent years about the mobile workforce
and the increases in productivity and employee
satisfaction that can result from the ability to
work wherever one is. However, having mobile
employees also results in mobile data, and with
mobile data comes the possibility of its loss or
theft. In this month's ELM Bulletin we will
briefly discuss some methods by which data may
be made more secure as it travels beyond your
office.
1 - NOTEBOOK COMPUTER - A great amount of
data travels on the notebook computer systems
used by your employees. Whether to a client
site, a sales call or the cottage, a notebook
gives them the ability not only to carry data
with them wherever they go but also to use it
when they get there or while they are in
transit.
a - Password - All versions of Windows
from XP onward allow the use of passwords to
grant access to the system. This
functionality should be enabled as a minimum
precaution and should be extended to the
screensaver so that the casual passer-by is
prevented from viewing what is on the
system. Passwords will not protect the data
if the computer is stolen, as there are
well-known methods of bypassing this level of
security, but it is a good first step that
provides a reasonable amount of security for
systems that are used in many different
locations.
b - Encrypting File System - Both
Windows XP (Professional version)
and Windows Vista (Home Premium, Business
and Ultimate versions) have the ability to
encrypt data built into the operating
system. This system, known as the Encrypting
File System (or EFS), allows the user to
encrypt data on any hard disk attached to
the computer on a file-by-file or
folder-by-folder basis. Unless the encrypted
file is large, the reduction in system
performance is imperceptible. As encryption is tied
to the password of the user account used to
encrypt it, the data can only be accessed
after a successful logon to that user
account. For this reason Microsoft provides
the ability to create a data recovery disk
that can be used to re-enable data access if
for some reason the original password is
lost.
c - BitLocker - Windows Vista
(Ultimate and Enterprise versions) also
includes a program named BitLocker which
can be used to encrypt an entire hard disk.
Because of this, a second hard disk
partition must be created to hold the data
as Windows itself cannot boot from a
BitLocker encrypted disk drive. (BitLocker
requires the Trusted Platform Module 1.2
hardware security chip available as an
optional extra on many business desktop and
notebook systems.)
d - Third Party Software - You could
also install third party software such as
DESLock, which we use to secure our client
data. One primary advantage of using third
party software is that the data security
system is independent of the operating
system on which it resides and may therefore
be more easily transportable between
computer systems.
2 - PERSONAL DIGITAL ASSISTANT (PDA) - It
seems these days that almost everyone is
carrying a PDA of one type or another. Whether
you use a Pocket PC, RIM's Blackberry or any one
of the abundant alternatives, the odds are that
there will be at least some provision to either
transport or manipulate data (or both). Almost
all PPC, Blackberry and Palm devices include the
ability to seamlessly work on office documents
while on the road.
a - Password - Like a PC, most PDAs
provide some ability to restrict access
based on a password. The same limitations
apply in that if the device is stolen it is
almost certain that the password can be
bypassed. Passwords remain a good first step
but for critical data further measures are
necessary.
b - Third Party Software - Third party
encryption software exists for most PDA
styles and offers similar functionality to
that available for PCs. Because there is
such a diversity of PDA devices it is
impossible to make any recommendation other
than to say that we use SoftX Secure Notes
on our Microsoft PPC devices and find its
integration with the desktop very
satisfactory. If you are in the habit of
transferring individual data files on your
PDA you will need instead a program that can
encrypt discrete files on the PDA as Secure
Notes is no more than a self-contained
secure notepad.
3 - USB Keys & Etc. - With USB keys of
considerable capacity being available for $50.00
or less, they have replaced the floppy disk and
CD/DVD ROM as the preferred method to transport
large amounts of data between computer systems.
Because these devices do not contain an
operating system they offer no internal security
and you must rely on third party software to
protect the data they carry. Probably the
simplest method of securing data on USB keys (or
CD/DVD ROM and any other media, even floppy
disks) is to use an archiving program such as
PKZIP or ARJ to compress and encrypt the data.
Various Windows versions will also enable you to
compress a specific file or group of files into
an encrypted archive.
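
As an added illustration (not part of the original bulletin): because the Encrypting File System in section 1b works file by file and is an NTFS feature, a PowerShell check like the following confirms that every file in a folder is actually encrypted and warns when the target is a non-NTFS volume, as USB keys from section 3 often are. The folder path, the backup destination and the function name Get-EfsCoverage are assumptions made for the example.

```powershell
# Added example, not from the bulletin. Paths and names are placeholders.
function Get-EfsCoverage {
    param([Parameter(Mandatory = $true)][string]$Root)

    # Assumes a local drive-letter path (not a network share).
    $full  = (Resolve-Path -LiteralPath $Root).ProviderPath
    $drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($full))

    # EFS is an NTFS feature. On a FAT-formatted volume nothing can be
    # EFS-encrypted, so files copied there are stored unencrypted.
    if ($drive.DriveFormat -ne 'NTFS') {
        Write-Warning "$($drive.Name) is $($drive.DriveFormat): EFS is not available here."
    }

    $flag = [System.IO.FileAttributes]::Encrypted
    Get-ChildItem -LiteralPath $full -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Encrypted = [bool]($_.Attributes -band $flag)
            }
        }
}

$dataFolder = 'C:\ClientData'          # placeholder folder

# Encrypt the folder tree with the built-in cipher.exe; files added to the
# folder afterwards are encrypted automatically. On Windows XP add /a so
# that existing files are included as well as directories.
& cipher.exe /e "/s:$dataFolder"

# List anything still stored in clear text (for example files that were
# in use by another program while cipher ran).
$gaps = @(Get-EfsCoverage -Root $dataFolder | Where-Object { -not $_.Encrypted })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) file(s) under $dataFolder are not encrypted:"
    $gaps | ForEach-Object { $_.Path }
} else {
    Write-Output "All files under $dataFolder carry the Encrypted attribute."
}

# Back up the account's EFS certificate and private key to a .pfx file
# (cipher prompts for a password). Store it away from the notebook.
& cipher.exe /x 'E:\efs-key-backup'    # placeholder destination
```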