As smartphones become more sophisticated and you're able to do with more with them, the security you have on them should be as effective as it is on your computer - after all, you don't want top secret documents to fall into the hands of a competitor.
If you work in a regulated environment, such as financial services, you'll be liable for a fine or worse if it does. If there is unencrypted, personally identifiable customer data on your phone, such as an address or credit card details, you are in breach of the Payment Card Initiative (PCI) standards.
There is no technology to make people less likely to lose their phone, so encryption is the only way to protect data held on it. Even if the user doesn't immediately report their BlackBerry lost or stolen, anyone who finds the device can't read what is on it, giving the owner time to execute a remote wipe.
Data traffic between the BlackBerry Enterprise Server (BES) and handsets is automatically encrypted; by default, the server generates the master encryption key and the message key used to encrypt and decrypt the traffic.
Company IT administrators can also force their BlackBerry handsets to encrypt user and application data stored on the devices. Turning on content protection in the Content Protection Strength IT policy rule in BlackBerry Manager, on the server, will protect calendar and contact entries, emails, memos and tasks, the browser cache and saved web pages, plus AutoText entries, in case these are used for legal 'boilerplate' or company details. For further security, set the Force Content Protection of Master Keys IT policy rule, which will make the handset encrypt the master key it uses to encrypt those files.
Many BlackBerry handsets have memory-card slots, so don't forget to protect files on removable cards. Set the External File System Encryption Level policy rule and choose whether to use a randomly generated key, the device password or both to encrypt the files. You may also want to use the Disable USB Mass Storage IT policy rule to stop users putting their handsets into Mass Storage Mode. This mode allows files to be dragged directly on to the storage card using Windows Explorer, rather than transferring them through the BlackBerry Desktop Manager, but the files won't be encrypted.
Users can encrypt their own devices by choosing Options > Security Options > General Settings > Content Protection - this will protect files stored in their handset's internal memory. To encrypt files on the memory card, select Options > Media Card or Options > Memory > Media Card Support, depending on which version of BlackBerry software you have. With older versions, files will be encrypted if they are in the videos, music, pictures, ringtones and voicenotes folders. With version 4.7 or later, all audio, video and image files will be encrypted unless they are already protected by Open Mobile Alliance (OMA) DRM (.DCF, .ODF, ,04A and .04V).
Force encryption of local files in the BlackBerry Manager by setting the Content Protection Strength IT policy rule.
Use the External File System Encryption Level IT policy rule to make sure files on memory cards are protected.
Turn on encryption of files on your own BlackBerry by setting the Security Options.
No comments:
Post a Comment