Blog

Home > Blog > Secure Your Portable Business
RSS Feed

Secure Your Portable Business

Posted by Ron Arden on August 7th, 2012
Posted in: Blog, Cloud computing, Data breach, Document security | 2 Comments

Secure Your Portable BusinessThe days of sitting in your office and working on a desktop computer are long gone.  The laptop has become the computing tool of choice for most people, but now smartphones and tablets are augmenting or replacing it as business is done from anywhere, at anytime.

Mobile devices and cloud computing are fueling our ability to get work done wherever we are.  There is freedom in sharing documents across your many devices by tapping into cloud services, like Dropbox, Google Docs, SkyDrive, iCloud and Box.  It makes it simple to collaborate with colleagues and business partners no matter where they are, what time they want to work or what device they use.  But there is also risk as more information floats freely around the Internet and on mobile devices. 

Two recent incidents illustrate this well. 

  1. The Oregon Health & Science University Hospital (OHSU) in Portland had a USB thumb drive stolen with confidential information from 14,000 patients and 200 OHSU employees.  The thumb drive was stolen from an employee’s home during a burglary.  The employee unintentionally took the USB drive home and the thieves took it while ransacking the place.
  2. On August 3, 2012, Wired’s Mat Honan had numerous cloud services hacked through some social engineering and poor password recovery policies and spent the weekend trying to get his digital life back in order.  Hackers convinced Apple tech support that they were Mat and were issued a temporary password to access his iCloud account.  Since Mat stores a lot of information in there, the hackers got access to his Gmail and Twitter accounts as well as issuing a remote wipe command to Mat’s iPhone and MacBook.

When things like this happen, some people want to condemn the technology and say they are not safe.  Don’t use the cloud!  Stop using USB drives!  Let’s all go back to pencils and paper!

It’s a bit of a knee jerk reaction, but understandable when faith in trusted technology fails us.  In both cases, there were policy and process flaws to blame in addition to problems with the technology. 

In the OHSU case, there was a process breakdown because the employee was allowed to take the USB drive out of the building.  If OSHU had encrypted the information on the portable device, it would have nullified the first problem.

In the case of Mat Honan, he admits that he was a bit lazy about security and that he had all his accounts tied together.  He used Gmail as his password recovery account for numerous cloud services and they were compromised when his iCloud account was hacked.  Access to one of his accounts gave hackers the keys to the kingdom.  This doesn’t excuse the lax approach Apple had to giving an impostor a temporary password, but shows again that process and technology both failed.

Since businesses will continue to use mobile devices and cloud services, make sure you follow a few simple rules to safeguard important information.

 

Using portable devices and cloud services makes everyone’s life easier.  It allows us the flexibility of doing business anywhere.  Data breaches and hacked accounts shake our faith a bit and hopefully make us think more about persistent information security.  We hate thinking about all of this and just wish it would take care of itself.  Until everything magically encrypts itself and limits our access, we need to lock a few of the doors to prevent the bad guys from getting in.

 

Photo credit bengals85n9



This entry was posted on Tuesday, August 7th, 2012 at 2:51 pm and is filed under Blog, Cloud computing, Data breach, Document security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  • Ken Usman-Smith

    Naming Conventions, To Do Lists, 7 stages of this and 5 principles of that.Don’t forget in juggling hard facts and data and securing them as the explosion of channels continues, its for helping people’s organic and messy behaviours at work and at home. If you do not remember that, then hard facts will that crush organic growth and development, and kill off innovation and any lead the business may have had. Although over time innovation grows through the cracks in the rigid infexible structure, strangling it! So we need to have a middle way where security is core, but its sitting behind every keystroke and ‘conversation’ as at its basic level business is all about that, the conversation with our stakeholdersBut how much times been wasted in the process of fixing the gaps and problemsd. Remember without getting philosophical no one knows how much time they have, its organic too and every moment in our job is our las, as its now that delivers, the past is gone and the future has not happenedt!

    SO BOTTOM UP IS KEY, HOW DO YOUR PEOPLE AND BUSINESS BEHAVE AND HOW CAN WE KEEP THE CONVERSATION GOING SECURELY THROUGH THE MEMBRANE OF ALL THESE NEW CHANNELS AND GADGETS, HOW CAN WE KEEP IT POROUS? Map it around the customer, map each process and the channels and and share and control versions, but seamless and invisible is the way, let people work for the customer and the business, not be slaves to process and proceedure which should fit in adding value, not adding work! Talk should be at the heart of the business, and the heart of the systems you build, its good to talk, just be sure who to…….

  • Pingback: Time To Change Your Passwords | eDocument Sciences