Mobile Security, Part 3 – Encryption and Data Security

As previously stated, consider whether you need to have sensitive data on your laptop or mobile device at all. Sometimes this is unavoidable, so it’s a good idea to use encryption. If your laptop is stolen, then until you can disable it using software like Prey, having the hard drive’s information encrypted will at least help ensure your organization’s data can’t be easily stolen or used.

For memory sticks, portable external hard drives, and disks there are also free encryption tools available. These allow you to encrypt folders or whole drives, including hard disks, memory sticks, and portable media such as DVDs. One example is TrueCrypt.

Remember that the data on any laptop can be stolen despite the presence of Windows or Mac passwords. In fact, you can view a quick 5-minute video on YouTube on resetting the administrator password on a Mac, all by stopping the boot-up process and using a command line to reset the system security. It is one of my favorite videos for showing how easy this process really is.

Encrypting the disks in the laptop is the only way to protect the data against this. BitLocker (included with Vista and Windows 7 Enterprise and Ultimate Editions) is great for this. If your laptops are using the Home version or the Business Professional version, consider upgrading to the Ultimate Edition (use BitLocker To Go for memory sticks). You also need a TPM (Trusted Platform Module) chip inside the laptop. Most new laptops have this chip installed.

Encrypting Email

Unencrypted email can potentially be intercepted and read by anyone along the way. This is one reason you are starting to see governments around the world block BlackBerry email services unless the traffic goes through a government checkpoint that gives them the ability to read those messages. It is best not to send sensitive information by unencrypted email. If you do need to send sensitive data by email, be sure to use software to encrypt the message. Examples of free email encryption software include PGP (Pretty Good Privacy). With PGP, users must exchange keys with each other, and you encrypt the email message for individual recipients using their keys. Only the person on the other end, who has the master-key, can read the email.

There are other packages allowing both spam filtering and encryption. One of the more popular packages is Proofpoint. This package will allow you to encrypt email to all internal senders automatically and selectively encrypt emails to external addresses. Each external address has a decryption password to allow them to open and read the message. When a new email message is received, a link to a web site is provided and requires the external user to enter their password to read the email. Any reply can be automatically encrypted, ensuring the confidentiality of the email message.
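The PGP key exchange and per-recipient encryption described above, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later (a free OpenPGP implementation) is installed; the user names, addresses, message text and the function name `pgp_roundtrip_demo` are constructed for illustration.

```sh
# Added demo (not from the original post). Two throwaway keyrings stand in for
# the sender (Alice) and the recipient (Bob); all names and text are constructed.
pgp_roundtrip_demo() (
  # Body runs in a subshell, so variables and the exits below stay local to it.
  command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; exit 127; }
  work=$(mktemp -d) || exit 1
  alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob"

  # 1. Each user creates a key pair. The empty passphrase is only so the demo
  #    runs unattended; protect real private keys with a passphrase.
  for who in alice bob; do
    gpg --homedir "$work/$who" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$who@example.test" \
        default default never >/dev/null 2>&1 || exit 1
  done

  # 2. Key exchange: Bob gives Alice his PUBLIC key only.
  gpg --homedir "$bob" --armor --export bob@example.test > "$work/bob.asc"
  gpg --homedir "$alice" --batch --quiet --import "$work/bob.asc" 2>/dev/null

  # 3. Alice encrypts for Bob. --trust-model always skips key validation for
  #    the demo; in practice, confirm Bob's fingerprint with him first.
  printf 'Q3 payroll figures attached.\n' > "$work/msg.txt"
  gpg --homedir "$alice" --batch --quiet --trust-model always --armor \
      --recipient bob@example.test --output "$work/msg.asc" \
      --encrypt "$work/msg.txt" 2>/dev/null || exit 1

  # 4. Bob, holding the matching private key, recovers the text.
  plain=$(gpg --homedir "$bob" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --decrypt "$work/msg.asc" 2>/dev/null)

  # 5. Alice has only Bob's public key, so even she cannot decrypt it.
  sender_can_read=no
  if gpg --homedir "$alice" --batch --quiet --decrypt "$work/msg.asc" \
      >/dev/null 2>&1; then sender_can_read=yes; fi

  # Stop the per-keyring agents before deleting the throwaway directories.
  gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$bob" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  printf '%s|%s\n' "$plain" "$sender_can_read"
)
```

Calling `pgp_roundtrip_demo` prints the text Bob decrypted, then whether the sender was able to decrypt the same message.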

Training end users in the proper use of encryption systems can be a significant barrier to successful deployment of traditional secure messaging solutions. As with any software, there’s a learning curve involved in using encryption software – it can be a bit tricky to use, particularly for novices. Whenever possible, avoid sending sensitive data by email or storing it on portable media and devices without using some type of encryption.

Most email messages do not require encryption, but those containing sensitive financial or legal information should be encrypted, especially in these days of cyber break-ins and WikiLeaks disclosures. Encryption can help protect you from unauthorized disclosure, both internally and externally.

Next up, password security and advice….


About SCB Enterprises
System Solutions and Integration
