Mobile Computing Security Problems Exist Throughout the World

Every day, literally, I read news reports about lost or stolen laptops. Today is no exception. The news report, “A Misconfigured Laptop, a Wrecked Life,” chronicles how one man had his first work laptop stolen, and then he was fired when the second work laptop he was issued as a replacement was found to have pornography on it…either it was pre-loaded when he got it, or lack of prevention software allowed someone to remotely load it on his computer while he was online.

It is very important to provide training and ongoing awareness communications to personnel about the risks of mobile computing and how to protect mobile computers, as well as implement protections for mobile computing devices.
In my June issue of “IT Compliance in Realtime” I cover this topic in the second paper, “What to Tell Personnel: Mobile Computing Security and Privacy.”
Here are the first couple of sections from that paper…
I’ve written for many years about the risks of mobile computing. Over the years, the risks have continued to increase at a much greater rate than the rate of organizations actually being proactive to mitigate the risks of mobile computing. For example, all the following were reported in the news on the same day–
May 19, 2008:

  • LPL Financial notified the Maryland Attorney General’s office that on April 10, 2008, a laptop containing data about 2800 employees of LPL and its affiliated companies was stolen from an employee’s car in North Carolina. The personally identifiable information (PII) stored on the laptop included names, Social Security numbers, employee ID numbers, and other employee financial compensation information.
  • Sodexo, Inc., an integrated food and facilities management services provider, reported that a laptop stolen from an employee’s vehicle in Montgomery County probably contained names and Social Security numbers about 919 residents of Maryland employed by the company in addition to information about employees from other states. They were “not sure” if the information was stored on the laptop, but it was a good possibility.
  • Bearing Point Management & Technology Consultants reported a laptop was stolen from an employee’s vehicle on April 11 that contained PII about all its employees, including first and last names and Social Security numbers.

And I could add many more examples from the same day to this list!
Mobile Computing Security Problems Exist Throughout the World
This is not just an issue of concern within the U.S.; mobile computing security must be addressed throughout the world. There have been several reports in the U.K. of thefts and losses of mobile devices and storage media, such as laptop computers and USB drives containing the medical details of National Health Service (NHS) patients. A 2008 report indicated at least nine NHS trusts have lost patient information. Following these losses, it was widely reported that the chief executive of the NHS instructed all NHS chief executives to implement effective safeguards for laptops, CDs, and USB pen drives. In November 2007, the U.K. Information Commissioner recommended that health professionals who have inadequate security, for example by leaving a laptop containing unencrypted patient information in a place where it is stolen, should be prosecuted for breach of the Data Protection Act (DPA).
I’ll post some more sections from the paper soon!

Tags: , , , , , , , , , ,

Leave a Reply