How Secure is mobile Data?


Using mobile data raises a number of security issues, not just with the technology, but also with the user practices. The actual radio network and the mobile operators data network are pretty secure - with very few security problems. They usually run very sophisticated firewalls between the mobile network and the Internet which have a good track record for preventing uninvited access (from the Internet). The weakest link is the device itself where the user may install applications with uninvited content or viruses/trojans. Once these applications are running on the device the network firewalls have very little chance of preventing unwanted data usage or theft.

Best practice

Accessing company data from a mobile device encourages different work practices as it becomes convenient to work in many different places. This has its own inherent risks such as being overlooked while working on a train (I have done this - reading a competitor marketing report on their laptop, when they sat next to me on a train to London). Having a laptop or phone stolen after it has been logged onto your secure network will give the thieves access to your data until they are kicked off, or the system times out! Though inconvenient for users having a short time out on your GPRS access will help with this.

Overlooking: - Using mobile devices in public places will put you at risk of this - always consider who may be watching. It is possible to purchase laptop computers which have a particularly narrow viewing angle preventing others from seeing the screen.

Theft of device: - Using a flashy smart phone or PDA in public, especially with a always-on link to your company network, invites theft. If you have bluetooth you can keep your phone/PDA locked away out of site, and communicate through a bluetooth headset.

Loss of device with unsecured copy of data: - Make sure all data stored on your laptop or PDA is encrypted with password protection - native windows security is not good enough - either use a third part encryption product to encrypt all your data making it unreadable without your password (though not impossible to crack). An alternative is not to store any sensitive data on your hard disk - use a secure 'Webmail' service to view emails using your browser and do not store them locally.

Hacking from the Internet: - Your GPRS network supplier will provide a network based firewall to help prevent this, but it can not be totally secure as it is difficult to differentiate between legitimate users and would-be malicious parties. - Always run a personal firewall, and virus scanner. Company networks should be accessed using encryption such as SSL or VPN for Internet based data and WTLS for WAP based data.

Running of Trojan software:- Letting malicious software (albeit unknowingly) onto your machine from either a web site or Email attachment will provide someone access to your data - always run a Virus scanner and firewall - to help prevent this happening.

Device Security

Having an 'always-on' Internet connection is a potential security problem. Your mobile data network provider will usually try to help by providing a Firewall between their data network and the Internet, but this must be configured to allow valid services to work, and hence may be exploited by third parties to gain access to your machine. If you are using a PC you should utilise at least a virus scanner and Firewall. Smartphones and PCs should always use a "strong" password to enable access - i.e. one that cannot be easily guessed.

Network Security

Your business network will have a firewall protecting it from unauthorized access from other Internet users. GPRS users will require permanent access to your LAN from the Internet, and this raises serious issues as it could potentially open up the Firewall to unauthorized users.