Key Points
• Design creative, user-friendly training materials and periodically check on the effectiveness of the education efforts.
• Opt for a management package that includes many layers of security, including encryption and authentication.
• Have a remote data wipe capability to augment security efforts.

Portable devices are now pervasive at nearly every company, and keeping them secure through encryption and other means can be a challenge, particularly as new threats keep popping up. Here are some common problems that can stymie any data center manager and some solutions that can keep a small to midsized enterprise’s mobile devices safe.

Get Creative With Security Training

Despite admonishments from the IT department and scores of media articles about data security and identity theft, some users still engage in unsafe behavior such as circumventing security protocols or downloading suspicious-looking attachments.

“The first thing to recognize when doing security for portable devices is that the people inside the company have to be considered,” says Michael Greene, vice president of product strategy and business development at PC Tools (www.pctools.com). “Simply going to a bad Web site could be enough, or they open emails that they shouldn’t. They’re always attracted by some neat little download that could be a major headache for your company.”

Employees are familiar with policies and procedures, but for training to be meaningful, it also has to be memorable. Get creative with online resources by adding humor to online quizzes, setting up a reward program for whoever gets 100% of the questions correct, and posting the results of the top winners in the lunchroom. By adding a dash of fun to the training, it will seem less like a chore.

Beyond training, SMEs can also take a large chunk of responsibility out of the hands of their employees, says Eric Skinner, chief technology officer at Entrust (www.entrust.com). One example, he notes, is the use of time-based tokens that allow employees to only be online for a certain amount of time before they have to authenticate their identity again.

“You don’t want a complex policy,” says Skinner. “They tend to get in the way, and it won’t be followed unless there’s constant enforcement. Instead, keep it simple and use other tools.”

Resolve Poor Interoperability

Being able to do upgrades and tech support for smartphones and laptops often requires a number of applications, including those that offer remote access and diagnostic capability. Adding in more products such as antivirus and antispam software, authentication and encryption tools, and optimization and performance tools can create a mix that makes security challenging.

Having a number of applications can be tricky because they might not layer over each other very well, or they could leave security gaps. Instead, some experts believe it’s better to stay lean but full-featured by opting for a management package that includes many layers of security, including encryption and authentication.

“Security is always a cat-and-mouse game,” says Greene. “The trick is to put layers in place so that if someone is targeting one area of defense, there are numerous other areas keeping the system secure.”

A well-layered program can consist of security controls such as encryption combined with policy enforcement that can be tweaked according to changing needs. Even if a company doesn’t require numerous security controls, just having them in place can be a deterrent, Greene adds.

“Think of a thief who looks at a house that has a barking dog out front and an alarm system, and then he sees that the house next door has a big, unprotected plate glass window,” he says. “Which one would he break into? The dog and that alarm system might not be used, but they’ll be noticed.”

Implement Remote Data Wipe Capabilities

Implementing robust encryption on a portable device is ideal, but if the machine is lost or stolen, it’s often advisable to be able to delete as much data as possible. Even if a thief can’t get into some of the sensitive data because of the encryption, there’s still the chance that it can be hacked. Being able to wipe away data, even if there’s no clue as to the location of the device, is a powerful security measure, says Cam Roberson, director of marketing communications at data security firm Beachhead Solutions (www.beachheadsolutions.com).

The only drawback to relying on remote data wipe tools is that the device often needs to get onto a network in order to be cleaned. If a thief downloads information without going online, there could be some danger, but even in this case, there are some applications that can be used.

“An IT department can create a set of triggers, such as input of the wrong password a certain number of times followed by an attempted download of files,” says Roberson. “This would invalidate the encryption key or even destroy all of the data. It might seem extreme, but when you hear about compromised data because of a single stolen laptop, you begin to see that it makes sense.”

by Elizabeth Millard
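
The offline trigger described under “Implement Remote Data Wipe Capabilities” can be modeled as a small state machine that runs on the device and needs no network. The following is an added example, not code from the article or from any vendor named in it; the event names, the threshold of three failures, and the KeyStore class are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class KeyStore:
    """Hypothetical stand-in for wherever the device keeps its encryption key."""
    key: Optional[bytearray]

    def invalidate(self) -> None:
        if self.key is not None:
            self.key[:] = bytes(len(self.key))  # overwrite, then drop the reference
            self.key = None

@dataclass
class OfflineTrigger:
    keystore: KeyStore
    max_failures: int = 3          # assumed threshold, not from the article
    failures: int = 0
    log: list = field(default_factory=list)

    def handle(self, ts: int, event: str) -> None:
        if event == "auth_fail":
            self.failures += 1
        elif event == "auth_ok":
            self.failures = 0      # the legitimate owner got in: disarm
        elif event == "file_export":
            armed = self.failures >= self.max_failures
            if armed and self.keystore.key is not None:
                self.keystore.invalidate()
                self.log.append((ts, "key_invalidated"))

def replay(events, max_failures: int = 3):
    """Feed a recorded event stream to a fresh trigger; return (key_gone, log)."""
    store = KeyStore(bytearray(b"\x11" * 32))   # constructed dummy key
    trigger = OfflineTrigger(store, max_failures=max_failures)
    for ts, event in events:
        trigger.handle(ts, event)
    return store.key is None, trigger.log

# Constructed event streams: (seconds since boot, event name).
STOLEN = [(0, "auth_fail"), (5, "auth_fail"), (9, "auth_fail"),
          (30, "file_export"), (31, "file_export")]
OWNER = [(0, "auth_fail"), (4, "auth_fail"), (10, "auth_ok"), (60, "file_export")]

if __name__ == "__main__":
    print(replay(STOLEN))
    print(replay(OWNER))
```

Invalidating the key only protects the data if no other copy of that key exists on the device.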

Top Problem: Implementing Standardization

Security is easier when devices are standardized so that IT departments don’t have to learn the latest vulnerabilities for several brands of products. But employees and executives often have preferences in terms of usage, and it’s tough to get them to budge.

Creating a system where more tech support is offered to those who use IT-approved devices is one way to steer employees toward standardization, notes Ahmed Datoo, vice president of marketing at Zenprise (www.zenprise.com), a developer of mobile management software. IT can develop a list of services it offers to those on the approved platform, making it more attractive to employees to go with IT suggestions.