Mobile Computing Risks: Part 1
I am in an airport as I write this blog entry and am using a laptop to do so. All around me are people using laptops, BlackBerries, BlueBerries, Personal Digital Assistants (PDAs), smart phones, and more. I seriously wonder how many of them understand the level of security risk associated with their use of these devices. The risk of theft or of devices being lost is one of the greatest. According to recent statistics I have seen, approximately 40 percent of mobile devices are lost or stolen within two years of their purchase. Once when I was in a hurry to catch a flight, I somehow left my laptop at an airport security screening counter. I blissfully gathered my things (except, of course, for my laptop) and went running for the departure gate. It was not until early the next day—when I was supposed to start teaching a course—that I noticed that my laptop was missing. Believe it or not, I was able to get the computer back. I asked my wife to go to the airport to retrieve it. She showed identification that indicated she had the same last name and address as myself, but giving her the computer was against the rules. Instead, the airport security guards had to mail the computer to our home address. I was lucky, but a large percentage of people who did what I did are not.
Had someone stolen my laptop, that person would not have found much information of value on it. To the best of my recollection, there was almost no personal information, nor was there any kind of proprietary information. The only things of potential value were a number of course materials that I had developed. These materials could potentially be worth something to a dishonest training outfit or person. But in too many cases, lost laptops and other mobile devices result in major data security breaches that cause major financial loss as well as severe disruption and inconvenience to individuals whose data are compromised. BlackBerries, PDAs and smartphones are more easily stolen or lost than are laptop computers, and personal and/or valuable information is increasingly being stored on them. It thus appears that we have in reality only started to see the dire implications resulting from lost and stolen mobile computing devices.
At the level of mobile computing users who own their own devices, I honestly doubt that much (if anything) can be done about the risk of their devices being lost or stolen. The good news at least is that if they lose their own devices or if the devices are stolen, they usually will have lost only a piece of hardware, not personal and valuable information. The same is not true for lost or stolen devices owned by corporations and government agencies, however, so introducing risk intervention measures here makes considerable sense. Strangely, these entities often do little if anything to address mobile computing risk. One recent study showed that 68 percent of all companies survey have done nothing to make mobile devices more secure. In short, the world sits on proverbial time bombs when it comes to many issues—world peace, the price of oil, global warning, and much more. It appears that another such time bomb is mobile computing risk, and the problem is bound to become far worse. What I fear is that the gap between what is needed to secure mobile computing environments and the present, lamentable lack of controls has gotten so large that the problem is already far out of control.