Everybody loves mobility. Employees love the freedom of being unshackled from their desks. Employers love reducing travel-related disruption. Vendors and their partners love the expansion of new specialized markets. Crooks love the opportunity to get at your hardware. Even as companies begin to recognize the need to defend their networks, they often miss the new threats posed by an increasingly mobile workforce.
The most obvious of those threats is laptop theft. Rapid improvements in low-power processors have transformed the laptop from a relatively exotic interim solution into a common replacement for a desktop box. As a result, laptop hard drives are a regular cornucopia of sensitive data, ranging from passwords and encryption keys to business plans and financial data. Moreover, their very portability makes laptops an extremely tempting target that can be snatched easily.
Almost as dangerous, but almost universally overlooked, is the risk of PDA theft. While usually not as crammed with sensitive data as laptops, PDAs often hold stored passwords, client and contact lists, meeting notes and personal information. They are also an even easier target for thieves, and often slip beneath the radar of corporate security policies.
A colleague of mine recently suffered a catastrophic security breach despite a very aggressive defense posture. It took weeks to track the break-in to a systems administrator who had “misplaced” a PDA containing an unencrypted list of passwords and hadn't thought to mention it to anyone.
A third problem lies in securing the connection between a mobile machine and your network. Mobile users have a variety of options for connecting to the Internet, but few that are particularly trustworthy.
Rented landlines in hotels and coffee houses are often easy targets for attackers. Cellular modems and other wireless connections are vulnerable to interception. Dial-up modems accessible to the mobile user create a serious weakness in perimeter defenses and can be difficult to secure with common techniques like dial-back requirements or caller-ID filtering.
The security of your mobile machines is largely in the hands of your mobile users. Therefore, your most effective weapons are user education and relatively simple encryption tools. Though laptops, PDAs, and their successors will probably always be seriously vulnerable to theft, a seasoned road warrior can reduce that risk significantly simply by being conscientious.
Finally, remember that when it comes to mobile security, you face a much more dangerous opponent. The great majority of attackers pounding away at your network firewalls are teenagers looking for a digital joyride, but the attacker who steals your laptop is probably a determined criminal looking to take you for a ride.