Portable devices have already invaded the workplace, and, most of the time, this a good thing. Thumb drives, tablets, audio players, e-readers and media cards give workers easy access to personal and business data wherever they are.
Yet, with all that convenient access comes a lot of risk, both to personal and business data. According to the United States Computer Emergency Readiness Team, portable devices, due to their inherent characteristics, are prone to losses of physical control and network security breaches. As the US-CERT points out, these devices can increase the risk of data loss if a device is misplaced or lost, and data exposure if sensitive data is exposed to third parties or the public without consent. They can also increase exposure to network-borne attacks (think: malware) to and from any system the device is connected to.
If you worry about the risks presented by using these devices, read the US-CERT's recommendations on portable device security, available here in the IT Downloads library. Appropriately named, "The Risks of Portable Devices" paper homes in on two distinct groups of devices:
- Simple media devices that require a wired connection to a host in order to transfer data (for example, jump drives, media cards, CDs, DVDs and music players without Wi-Fi capability).
- Smart media devices that can transfer data with a wired or non-cellular wireless connection (for example, tablets, gaming devices, music players with Wi-Fi capabilities and ereaders). These devices are generally used to access email, surf the web, and download applications, music and books.
Minimize the risks by following US-CERT's best practices for individuals and organizations. While the full paper breaks the practices down to steps that should be followed by device type (simple and smart devices), it includes a section on recommendations for all devices. Download the complete paper for all the particulars, but these three tips can get you started: