Tuesday, November 18, 2008

Smartphone Best Practices


  • Create a company PDA security policy that outlines how handheld devices should be used. Include where the devices can and cannot be used, what information can be stored on the devices, who is allowed access to what, how to create strong passwords, and specific programs and applications that may be downloaded and used.

  • Use file encryption and authentication. If data is lost or stolen, that information will be unreadable without authentication and use of a decryption key. Most devices are equipped with these security features, but third parties also offer data encryption that's more difficult to crack.

  • Only beam, or transmit, data from and to protected sources. If one source has a virus, you risk 'cross-pollination.' In other words, if data from a PDA has a virus, it could be introduced to the network when the device is synced to the desktop.

  • Synchronize your device with a desktop or laptop on a regular basis to prevent data loss. Think of the desktop or laptop as a first-level backup system. Then, if your handheld does get a virus or data is corrupted, you only lose a small amount of data, or none at all.

  • Run antivirus software on the desktop, laptop, and handheld. Configure the antivirus program to run continuously and to alert you when malicious code is detected.

  • When remotely connecting to a business network, make sure to go through a VPN client. In doing this, you are protecting the wireless transmissions from intruders as well as the data in transit.

  • If you store highly sensitive information on your PDA, consider installing bit-wiping packages. Bit-wiping overwrites the entire device memory, essentially reformatting the PDA so data cannot ever be recovered. You can configure bit-wiping to occur when there are too many failed password attempts or when the PDA hasn't been synchronized in a set timeframe.

  • Download only from trustworthy sites. You should always be wary of free downloads, whether for desktops, laptops, or PDAs, from unfamiliar sites. Read EULAs thoroughly and note whether or not adware or spyware is bundled with the application or program you are downloading.

  • The most basic method of accessing data on a handheld device is directly through the device's user interface. The first thing you should do when you start using the smartphone or PDA is change the default password. Use strong passwords, which should include upper- and lowercase letters, numbers, and symbols, as a first line of defense. Configure the password setting for power-on, meaning you need password authentication when turning on the device and when the device has been idle for a set period of time.
