By Muthoga Kioni

No other device in recent history has become more ubiquitous and pervasive as the mobile phone. It is now possible to blog or twitter from your mobile phone.

Many Kenyans have been seduced by the informality of social networking sites like Facebook or chat rooms into inadvertently revealing personal or corporate data that should have remained confidential. This has been done through mobile phones.

It is often perceived that the hardware is the most valuable component. What we fail to note is that the data the phone contains, transmits and receives is inherently more valuable than the phone itself. We need to change the approach we take to mobile data security.

We should no longer make the mistake of focusing on the device rather than the data. This problem is especially critical for companies. Individuals will at worst lose personal contact details. But if the phone or laptop was company issued, the repercussions would be far-reaching.

For companies that have distributed PDAs or Blackberries, an Acceptable Use Policy (AUP) should be formulated and implemented. This policy should, for example, regulate the number of different devices used within the company. It should also be sensible. Including a ban on the use of USB sticks in this policy is not sensible. Requiring that mobile device encryption is used to protect mobile data is a sensible component in any AUP.

Another approach, albeit slightly radical, is to simply not allow sensitive data to reside on personal devices. This approach addresses Data Leak Prevention (DLP) by allowing organisations to see exactly where confidential information is stored and how it is used. It is also possible to monitor and ensure that data does not leave the network boundary through PDAs, USBs or other media devices.

As an individual, you should also have your own mobile security strategy. It can involve using mobile encryption, tagging or frequent deletion of vital e-mails.

Data security in mobile devices has recently come into sharp focus due to the rich data hunting ground provided by the increasingly powerful mobile phones and laptops we carry around. Get ahead of the game by formulating a mobile security strategy for yourself and your company.

—The writer (bmuthoga@hotmail.com) is an ICT Security and Forensic Specialist.