mobile security

Hospital staff in Nottingham have issued a warning after a laptop was stolen which contained confidential patient data. The data includes names, addresses and dates of birth of some 11,000 children from the Newark, Mansfield and Ashfield areas. The hospital has contacted all affected familes and has setup a helpline. It also said it is very sorry for what has happened.

Now, I have reported on laptop thefts before, and will continue to do so in the future and this story has similar hallmarks to the Nationwide laptop theft which occurred last November.

Point no.1 The NHS is the biggest employer in Europe - yet their security policy obviously does not contain any statements about mandatory disk encryption. But apparently thats OK because according to Wendy Saviour, the PCT’s Chief Executive, the laptop was password protected (yeah OK). What I want to know, is how does the biggest employer in Europe have such crap security?

Point no.2 Apparently the NHS is very sorry about this. In this day and age, these kind of events should not be happening. This is a fundamental failing in the system. Laptops always have been and always will be hot potatoes. Easy to steal and easy to sell on. Many moons ago when I was a student, I used to work in PC World in the UK and every weekend we would have several people come into the store to ask ‘do you sell power supplies for IBM model X or Compaq model Y. Initially (until the penny dropped) I was amazed by how many people would loose their power supplies!

Come on NHS. You are legally obliged to provide patient confidentiality. There is no excuse for such lax security.

Powered by Gregarious (41)

I just found this article (I’ve been out of the loop for most of February) and couldn’t help but write something. If the claims in here are to be believed, we are in the middle of a mobile virus pandemic. There are some very interesting statistics:

The Situation Today
The purpose of the study was to discover to what extent mobile operators are affected by mobile threats. The findings revealed that:

* 83 percent of mobile operators questioned have been hit by mobile device infections
* The number of reported security incidents in 2006 was more than five times as high as in 2005
* The number of mobile operators in Europe and APAC reporting incidents affecting more than 1,000 devices more than doubled in 2006
* 100 percent more operators spent over $200,000 on mobile security in 2006 compared to 2005
* The number of mobile operators estimating that the cost of dealing with mobile threats is more than 1000 hours increased by 700 percent

Good grief! This all looks like pretty hairy stuff. And there’s more…

Nearly one-third (29 percent) of operators stated that subscriber satisfaction had suffered more than any other factor including revenue. The second most serious impact from mobile malware infections was on network performance.

Revenue? Network performance? Switch to DEFCON 1. Get me the president!

Whilst I will agree that mobile devices are becoming more of a target, it doesn’t mean history is going to necessarily repeat itself (with respect to Windows), although that’s not to say MS mobile platforms couldn’t do without a patch or two.

And perhaps McAfee could update their mobile site. Are they really are the only company in the world to have deployed a mobile suite? I think not.

UPDATE: It seems someone at McAfee took heed and their mobile site has been updated.  Original web page text from here.

Powered by Gregarious (41)