• E-mail
• Print
• RSS

Know the responsibilities that come along with using mobile devices

HIPAA Training Advisor, February 9, 2006

Know the responsibilities that come along with using mobile devices

IS officers and network administrators should establish and document policies that address the use of mobile devices and the users' responsibilities, according to the National Institute of Standards and Technology (NIST), at www.nist.gov. The policy should cover

• approved uses
• information that devices are allowed to store
• software programs users can install
• proper storage for devices and associated modules
• proper password selection and use
• procedures for reporting a lost or stolen device
• disciplinary actions that may result from misuse

According to the NIST's recommendations about wireless security, organizations should also perform random audits to track whether devices have been lost or stolen.

To help prevent loss or theft of devices, include physical security in your policy, says Kevin Beaver, CISSP, independent information security consultant with Principle Logic, LLC, in Acworth, GA. First, users must never leave devices alone, he says. Second, users must be aware of their surroundings and make sure that people sitting nearby cannot easily view information on their devices.

Another aspect of physical security is storage. Mobile-device users should have a secure area to store devices while they're not using them. A desk with drawers that lock or a file cabinet with locks are available in most offices and should provide sufficient physical security against theft from within the office environment, according to the NIST.

Galvanized steel cables and locks are also available to secure devices to the users' desks, if other physical controls are not available. And while traveling, staff using mobile devices should store them in hotel room safes.

• E-mail to a Colleague
• Print
• RSS
• Archive