Trends in Tech Fraud Schemes, Part Two

Electronic Crime Gone Mobile

By Cynthia Harrington, CFE, CFA

Users of personal digital devices are threatened. Companies need protection against employees misusing the technology. Individuals need to worry about identity thieves accessing personal data stored on the devices. Here are the latest handheld security measures that fraud examiners need to know.  

In April 2005 an embarrassed chancellor apologized in writing to 98,000 University of California-Berkeley students and applicants whose records had been stolen. The intensely personal information contained in the records and school applications had resided on one laptop that disappeared from a school office. Investigators believed that the thief was after the hardware but ended up with so much more. The school instituted strict security policies after the breach but the confidential data was gone forever.

Even an executive of a handheld security software firm needs special tools and procedures in dealing with his personal digital device. That's what Mark Komisky, CEO of Baltimore's BlueFire Security Technologies Inc., discovered on a recent trip through O'Hare International Airport in Chicago.

His iPaq 6315 Pocket PC went missing. In the cab or somewhere in the airport was his small pocket phone with a miniature keyboard, containing his e-mails, details of his company's strategy, Social Security numbers of his wife and son, and phone numbers for high-level executives at client companies. "Those little things are awfully easy to lose," says Komisky. "It's terrifying."

Mobile devices that hold multiple gigs of data as well as access computer networks are springing up faster than dandelions in the spring. Cell phones, personal digital assistants, music players, and thumb drives hang from teenage ears as well as expensive briefcases. Individuals own the devices and companies provide them to employees. There's an accelerating trend to integrate all media into one device. And despite the fact that the objects are getting smaller, the storage capacity and ability to connect to other devices is expanding.

Both the small size and giant functionality of mobile devices offer an opportunity for fraud. Employees pose an entire spectrum of possible challenges to company security by misusing the devices.

Komisky sets out the main areas of concern. His company makes mobile device security products, including an integrated security solution with authentication, encryption, integrity monitoring, firewall, VPN, logging and central management. First the data stored on the device can be at risk. Secondly, the device might contain information on getting access to secured company networks. Finally, the device might access the network directly. "One employee's device doesn't have to be physically stolen to lose data," says Komisky. "If the devices are on the same network the entire theft can occur electronically."

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.

 Your Rating:
Your Review: