Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.

MOBILE DEVICES - REDUCE THE RISK OF A PRIVACY OR SECURITY BREACH

Posted on May 14, 2009

      The Halifax Health Department is phoning dozens of continuing care clients after an employee lost her BlackBerry, which contained their private medical information. The BlackBerry did not have passowrd protection as required by the Health Department.

      Given the media's focus on data security breaches, and increasing public concerns over how sensitive information is secured by the organizations, it is clear that a breach can devastate a business. Meanwhile, with telecommuting and travel, our work style has changed dramatically - our offices tend to be wherever we physically are. As we receive, use and send information "on-the-go", the risk of losing a mobile device or having it stolen, and the resulting risk of a data security breach, grows exponentially. Being portable and having information at our fingertips is highly convenient, but reducing the risk of a data breach is even more important.

      Think about the data you have with you on a mobile device right now. It could be confidential information about your sales activities and strategies, or commercial information about a company that you would never want leaked. Or, it could be personal information, such as your prospects' personal contact details, preferences or other information about your customers or clients as individuals. Under the private sector privacy laws that apply federally and in various provinces, "personal information" is broadly defined. You are required to safeguard this information with physical, technical and administrative measures that are appropriate to the sensitivity of the information.

      As many in the marketing industry know, many individuals are highly sensitive about their contact details or buying patterns, and not just their medical or financial information. Sensitivity is subjective. Therefore, your goal as an organization must be to safeguard all confidential information on employees' mobile device.

      A mobile device could be a company-issued Personal Digital Assistant (a "PDA") such as BlackBerry or smartphone, a cell phone with storage capacity, a laptop or a USB memory stick.

      Here are some key steps that employees must take to reduce the risk of a data breach:
• Never carry more information on the hard disk of your mobile device than you need immediate access to. If you have the ability to dial in remotely and retrieve or store information on a secure server, take the data off your device, or only store it there temporarily.
• Password protect your device. Choose a strong password - A password that is: alphanumeric; at least 8 characters long; and does not contain common names). Do not write your password down!
• Be aware of your surroundings when using your mobile device. Get a privacy screen/filter for your laptop if you will be working on sensitive documents, such as a confidential proposal, in public places.
• Do not download free software from the Internet without a high level of assurance that the product is safe, and won't install unwanted code onto your mobile device.
• Do not make you mobile device an obvious target for theft. Put your laptop case in a knapsack or gym bag.
• Make frequent and necessary backups of data, in the event that data is lost.
• When traveling by air, do not check in your laptop as luggage. Carry it on board and store it under the seat in front of you rather than in the overhead luggage bins.
• Keep a watchful eye on your mobile device as you go through airport security checkpoints. This is a known location for device theft.
• Use only secure wireless connections. If you are unable to find one, save important transmissions until you can connect to a secure environment.

      Here are some key steps a company must take before providing an employee with a mobile device:
• Encrypt! Passwords alone should not be the only defence. If employees must store sensitive information on their devices, install file encryption or whole disk encryption. There are various encryption software packages on the market that are easy to use.
• Install tracking software and disk swipe software. Tracking software assists recovery of a lost or stolen device. Disk swipe software ensures that all data on the device is automatically destroyed if accessed by an unauthorized individual.
• Change the default security settings on new devices, as they are often set to the least security. For example, activiate failed log-in lockout settings, whereby after a certain number of tries, a thief or password sniffer will no longer be able to guess the password for the device.
• Run full system scans on mobile devices periodically to check for viruses and spyware.
• Disable unused access methods. For example, if issuing a laptop, but the wireless card will not be used, turn it off.

      Mobile devices are the fastest growing device segment. When using a mobile device, always keep in mind the question: "What could happen if an unauthorized person gained control of the information on this device?" By taking steps to protect mobile devices, you can reduce the risk of compromising confidential information and your company's reputation.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999