• E-mail
• Print
• RSS

Technical safeguards for mobile devices

HIPAA Training Advisor, January 25, 2006

Organizations that choose to allow the use of mobile devices must have policies that provide minimum standards for use, says Kevin Beaver, CISSP, independent information security (IS) consultant with Principle Logic, LLC, in Acworth, GA. Part of your policy should cover required technical safeguards, including the following:

• Power-on passwords. Passwords for turning on a device provide a good first layer of security, Beaver says.
  
  
• System passwords. Beyond having a password for turning on a device, require log-on passwords for operating systems (e.g., Microsoft Windows®), he says.
  
  
• Hard drive/storage device encryption. This is a must in the event of loss or theft, says Beaver.
  
  
• Antivirus/antispyware software.
  
  
• Personal firewall software. "If you don't have it, a hacker could connect right into the system and do a lot of damage by stealing or deleting information," he says.
  
  
• Network encryption. This applies more to wireless devices, Beaver says. Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP) are examples of protocols for securing wireless networks. WEP is not ideal but should be a minimum requirement, he says.

Keep in mind that some devices don't support certain security technologies, Beaver adds. "This is something you need to consider before purchasing a device."

Editor's note: Adapted from "Don't let mobile devices walk away with important information," Briefings on HIPAA, January 2006.

• E-mail to a Colleague
• Print
• RSS
• Archive