Site Map | Archives

HomeNewsLocal

Defending data on laptops, cell phones, PDA is a job for all users, experts say

By Sue Vorenberg
Monday, July 16, 2007

related linksMore Local
related linksMOST RECENT TRIB STORIES

related linksTRIB IN THE BLOGOSPHERE*

*Note: The Tribune does not create and is not responsible for the blogosphere's headlines and stories. These links to blogs talking about ABQTrib.com are automatically generated. Use them at your own risk.
STORY TOOLS

SHARE THIS STORY [?]

Most people can list the contents of their wallet easily: a driver's license, credit cards, maybe some photos of the kids.

Some keep lists of that information at home, to protect themselves if their wallet gets stolen.

But what about the contents of your cell phone? Do you know what information is in it?

Would you know what to do if a thief took that information?

Most people don't. But you should if you want to protect yourself, said Barney Maccabe, chief information officer at the University of New Mexico.

"This is an area of interest and a growing problem," Maccabe said. "There's a lot of personal information in small electronic devices that we're not necessarily aware of."

People carry unlisted phone numbers, personal information about themselves and their families, bank identification and sometimes Social Security numbers on cell phones or personal digital assistants such as the BlackBerry.

Think you don't? If your phone has a Web browser and you use it to check your bank account, you're probably vulnerable, Maccabe said.

You may also be vulnerable if you use your BlackBerry to store computer passwords or keep sensitive information about clients or friends.

"A lot of people use Bluetooth now for wireless," Maccabe said. "It's not particularly secure, at least not initially. It is possible to walk by somebody and have your phone talk to their phone without doing anything."

Laptops containing sensitive information stolen from the government, universities and businesses have grabbed headlines in recent years:

*In May 2006, a laptop containing data on 26.5 million military personnel was stolen from Veterans Affairs.

*In April, one with data from 3,000 employees was stolen from the University of New Mexico.

*In June, the Department of Energy Inspector General's Office noted more than 1,400 laptops were lost, stolen or misplaced over the past six years.

That trend will likely be amplified in coming years as the use of smaller devices like PDAs and cell phones becomes even more prevalent, said Jeff Gassaway, security administrator for central computing at UNM.

But ultimately, it's not the devices themselves that are the problem - it's the way people think about them.

"Awareness is the issue," Gassaway said. "It's a universal problem. You have to think about what information you really need on that device and weigh it against the security risks."

Encrypting data - scrambling it so it can only be accessed with a password or a series of steps - is one solution. But too much encryption can keep your information from being useful, said Art Hale, chief information officer at Sandia National Laboratories.

"One of the challenges we need to overcome is how to recover data if we put in place a policy where all data must be encrypted," Hale said. "Then somebody who has a laptop and forgets their password has a bigger problem. How can we reinstate the password and get the data back if everything is encrypted?"

One of the things security officers have to do is admit there will be problems and figure out how much information they're willing to lose, Hale said.

"If you expect employees to work off-site, you have to protect your property and information," Hale said. "But you also have to acknowledge that things will happen."

As an example of that, Sandia has a separate pool of laptop computers it uses for employees who travel out of the country. Those laptops have very little sensitive information on them, and they're cleaned and screened when they come back to the labs, Hale said.

"The espionage potential for our employees is higher in some of the countries they go to," Hale said. "So, we make sure their laptops can't connect back into the overall corporate network."

Still, at least a few laptops are stolen from Sandia employees each year, Hale said.

"It's not a big population of our computers, but it does happen," he said.

Securing cell phones is a whole different problem - because protection methods aren't as well-developed yet, Hale said.

When those get stolen, the best thing to do - whether it's a personal or business phone - is call your cell phone provider and also fill out a police report, Maccabe said.

"Another thing to remember about a cell phone or electronic device is that you should be careful when you throw them out, because your data is still there," Maccabe said. "If you get a new phone, you should recycle your old phone but make sure whoever gets it will take care of your security information."

Cell phone companies should also be able to tell you what sort of encryption is available for your phone, he said.

But no matter how the technology evolves in the future, Maccabe said, the best advice will always be the same: Just pay attention.

"In some senses, this is all new; in other senses, it's not new at all," Maccabe said. "I can remember 35 years ago people worrying about credit card receipts being stolen from restaurants or from the trash. Education about that taught us all to buy shredders. This is really just the next step in that evolution."