The art of protecting mobile data

By Muthoga Kioni

The power of mobile computing has resulted in tremendous flexibility and productivity at work. Laptop computers and sophisticated mobile phones have allowed us to perform functions that were previously unachievable.

Mobility, unfortunately, has brought new and serious challenges in corporate information security and privacy.

It is now common for companies to give employees laptops as replacements for their desktop computers. Powerful mobile phones are also provided to maintain constant e-mail communication. This has resulted in vast volumes of corporate information being delivered and stored electronically. A dramatic upsurge of laptop theft has been witnessed in Nairobi.

Beyond the loss of hardware, the greatest concern is the value of data and the unauthorised access available through a company laptop.

Unauthorised access to a company’s customer database can be achieved by use of a stolen laptop. Your personal data can also be used to commit identity theft. These scenarios demand a layered approach to mobile computing security where data protection is also included. This approach encompasses compliance, protection and recovery.

Exposure to lawsuits

Compliance is observance of mobile data protection regulations and to provide an easily accessible audit trail. To ensure compliance, companies must protect data, track the mobile hardware and their users, provide auditing capacities and maintain historical records.

The Kenya Communications Act and the Communication Commission of Kenya’s regulatory framework are good starting points. Non-compliance exposes organisations to lawsuits in the event of data loss.

Data loss from a stolen laptop can be prevented by encryption.

Encryption, however, fails to protect sensitive information in cases of internal theft. For external theft, encryption only delays access to sensitive information. To ensure total protection, a multi-faceted approach of combining encryption, strong authentication and deployment of asset-tracking software is recommended. Asset-tracking software tools are able to track and recover stolen laptops. They also monitor any changes or disappearance of computer memory, hard drives or peripherals.

Companies should have in place procedures to guide law enforcement officials in the recovery process. A fully functioning Cyber-Crime Unit of the Kenya Police would be able to increase the asset recovery and prosecution capacity.

This multi-layered approach will ensure that mobile asset and data protection controls are in place and reduce exposure to legal action.

The writer is an ICT Security and Forensic Specialist. Email: [email protected]