Are your mobile devices secure?
This quote is from Russ Cooper's recent Security Watch column (http://mcpmag.com/columns/article.asp?EditorialsID=896):
A new survey by the London's Licensed Taxi Drivers Association reported that almost 5,000 laptops and more than 60,000 mobile phones were left in London's black cabs by passengers over the last six months. Compare this with an August 2001 report for the same area which indicated that 2,900 laptops and 1,300 PDAs were left in the six months prior.
While typically such items are stolen purely for their resale value, one can only imagine the quantity of sensitive and confidential information they contained.
What I continue to find unsettling is how insecure most consumer mobile devices are, including laptops. There has been a somewhat pervasive attitude in the desktop computing world for a while now that once someone has physical access to your machine that it is already compromised. I buy into that line of thinking to some extent but with the sale of laptops outpacing desktops, information workers are very mobile and therefore very vulnerable. I'd hate to think about the potential consequences of mortgage brokers, investors, financial advisors, and lawyers who forget their devices in a cab. Or even developers - hey, there's IP on our laptops!
For Windows users, the encrypting file system (EFS) would add some extra security. But I would hesitate to recommend EFS to someone who was not part of a managed environment with a domain and system administrators who can assist with key or data recovery in the event of a forgotten password.
This aspect of computing has to get a lot better. I will be a lot happier when mobile devices start shipping with encryption turned on by default and biometric sensors for authentication (or at least password reset).