How to Manage Portable Device Risks

John Storts

Portable devices have already invaded the workplace, and, most of the time, this a good thing. Thumb drives, tablets, audio players, e-readers and media cards give workers easy access to personal and business data wherever they are.

Yet, with all that convenient access comes a lot of risk, both to personal and business data. According to the United States Computer Emergency Readiness Team (US-CERT), portable devices, due to their inherent characteristics, are prone to losses of physical control and network security breaches. As the US-CERT points out, these devices can increase the risk of data loss if a device is misplaced or lost, and data exposure if sensitive data is exposed to third parties or the public without consent. They can also increase exposure to network-borne attacks (think: malware) to and from any system the device is connected to.

If you worry about the risks presented by using these devices, read the US-CERT's recommendations on portable device security, available here in the IT Downloads library. Appropriately named, "The Risks of Portable Devices" paper homes in on two distinct groups of devices:

  • Simple media devices that require a wired connection to a host in order to transfer data (for example, jump drives, media cards, CDs, DVDs and music players without Wi-Fi capability).
  • Smart media devices that can transfer data with a wired or non-cellular wireless connection (for example, tablets, gaming devices, music players with Wi-Fi capabilities and ereaders). These devices are generally used to access email, surf the web, and download applications, music and books.

Minimize the risks by following US-CERT's best practices for individuals and organizations. While the full paper breaks the practices down to steps that should be followed by device type (simple and smart devices), it includes a section on recommendations for all devices. Download the complete paper for all the particulars, but these three tips can get you started:

  • Limit the use of all removable media devices except where there is a valid business case that has been approved by the organization’s chief IT security officer.
  • Create security and acceptable-use policies for all portable media devices, and educate your employees about those policies.
  • Teach your employees to report missing devices immediately so they

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.