I logged on to see what data security news was circulating today, when one caught my eye: Tom Cruise’s BlackBerry Lost! Despite finding hundreds of blurbs across media sites worldwide (he must be a major international star…), there weren’t too many details. It turns out the incident was a non-news event. Despite the hundreds reporting the communications device was lost, some are reporting that the BlackBerry was eventually recovered (initial reports announced that a search hadn’t turned up the lost item). So much for the possibility of some random guys learning the numbers to Scientology head-honchos.
Or, would they? The thing about BlackBerries is that the developers did put some thought into data security. To begin with, they offer a disk encryption software feature on the devices called “Content Protection.” Similar in function to what AlertBoot does for notebook computer encryption, it will encrypt everything in the BlackBerry: emails, calendar items, address book, etc. -- everything.
The pros? Security is pretty much guaranteed as long as the password to access the information is strong enough. The cons? The stronger the encryption, the slower everything becomes on the BlackBerry; I’ve read of one or two cases where a BlackBerry essentially comes to a halt when using the strongest encryption levels. The trick is to find the right balance. I’d say go for the lowest setting: at 160-bits, it’s stronger than what on-line retailers and banks are using for transactions (128-bits).
The other big weapon in the BlackBerry’s security arsenal is the device password. Now, anyone who follows this blog knows by now what I think about password protection. But it works a little differently for BlackBerries. To begin with, there is no way for a user to bypass a BlackBerry’s device password. (Unlike your computer’s Windows log on prompt, which is pretty easy to bypass…and which is why password protection on computers is not protection.)
Plus, there is a limit to how many times you can enter a password. Enter the wrong one ten times in a row, and you’ll have to restart your BlackBerry, at which point you’ll see “JVM error 513.” What this message means is that “all of the data and applications on the BlackBerry smartphone have been deleted.” This is unlike a Windows prompt, which will allow you to enter as many passwords as many times as necessary -- unfortunately, if criminals try guessing long enough, and they’ll be able to access the machine.
Who’s gonna try typing in millions of combinations? No one…cause “they” have computer software for such mundane jobs. (Well, actually, the smart ones will bypass the password protection, but everyone has their preferred method of doing stuff….)
The past year has shown us plenty of instances where celebrities lost, or thieves stole, their digital devices. The fourth installation of Indiana Jones suffered a breach weeks prior to the film’s launch in theaters, and Salma Hayek lost a personal laptop which had little to no protection. And then there was the Paris Hilton-Sidekick thing from a couple of years back.
The need for information security, however, is not just relegated to celebs. I’m reading a book called “The Art of the Steal” by Frank Abagnale (you may recognize him as the Leo DiCaprio character in “Catch Me If You Can”). Although first published in 2001, he’s got plenty of identity theft horror stories concerning ordinary people (plus, example upon example of how criminals con the general public), as well as how he had his credit card number lifted on-line (just once, though). In the eight years since, the problem has grown from a little-known problem to something on everyone’s minds (Abegnale, by the way, called it. He knew this would be the greatest fraud-related headache the USA would face in the future. That future is now).
So, what can you do to protect yourself, short of becoming Tom Cruise (who had legion looking for his lost smartphone) or doing all of your business via a BlackBerry? Quite a bit actually.
First off, if your job requires you to carry a laptop or other portable storage device with sensitive information, consider using encryption software, either full disk encryption or file encryption. Do not think of your computer’s password protection as “protection:” It’s better than nothing in the sense that a wet, glossy magazine you found on the bathroom floor is better than no toilet paper at all.
Second, never share your passwords or post them in a public place. You may trust your coworkers (whether you should is an altogether different matter), but what about the janitorial staff? Building maintenance? Outside contractors?
Third, never give out your personal information unless absolutely necessary. And I do mean necessary. Target, for example, should never be asking for such information (not that I’m implying that they do, although they did have problems in the past because they stored driver’s license numbers when items were brought in for a return). Some say, so what if a criminal gets my SSN and decides to go on a shopping spree? My credit’s already wrecked.
I’m sure it is. But you probably don’t want an APB for your name when a criminal impersonates you, commits a crime, and leaves behind a fake ID with your information. I mean, I’m sure at some point you’ll be able to establish your innocence, but if you end up in jail overnight, do you think your bunkmates are going to care?
Related Articles:http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20081211/Cruise_blackberry_081211/20081211?hub=Entertainmenthttp://www.nypost.com/seven/12102008/gossip/pagesix/toms_loss_143460.htm