How to Manage Portable Device Risks

John Storts

Portable devices have already invaded the workplace, and, most of the time, this a good thing. Thumb drives, tablets, audio players, e-readers and media cards give workers easy access to personal and business data wherever they are.

Yet, with all that convenient access comes a lot of risk, both to personal and business data. According to the United States Computer Emergency Readiness Team (US-CERT), portable devices, due to their inherent characteristics, are prone to losses of physical control and network security breaches. As the US-CERT points out, these devices can increase the risk of data loss if a device is misplaced or lost, and data exposure if sensitive data is exposed to third parties or the public without consent. They can also increase exposure to network-borne attacks (think: malware) to and from any system the device is connected to.

If you worry about the risks presented by using these devices, read the US-CERT's recommendations on portable device security, available here in the IT Downloads library. Appropriately named, "The Risks of Portable Devices" paper homes in on two distinct groups of devices:

  • Simple media devices that require a wired connection to a host in order to transfer data (for example, jump drives, media cards, CDs, DVDs and music players without Wi-Fi capability).
  • Smart media devices that can transfer data with a wired or non-cellular wireless connection (for example, tablets, gaming devices, music players with Wi-Fi capabilities and ereaders). These devices are generally used to access email, surf the web, and download applications, music and books.

Minimize the risks by following US-CERT's best practices for individuals and organizations. While the full paper breaks the practices down to steps that should be followed by device type (simple and smart devices), it includes a section on recommendations for all devices. Download the complete paper for all the particulars, but these three tips can get you started:

  • Limit the use of all removable media devices except where there is a valid business case that has been approved by the organization’s chief IT security officer.
  • Create security and acceptable-use policies for all portable media devices, and educate your employees about those policies.
  • Teach your employees to report missing devices immediately so they

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.