GOVERNMENT TECHNOLOGY/A less risky business

While wireless computing increases government employees’ flexibility and, hopefully, productivity, it also increases security risks. By being aware and taking an ounce of risk prevention, local governments can protect sensitive data from security breaches.

Hand-held computers share many security issues with desktop computers, such as viruses, trojans and worms, physical theft, data theft and authentication exploitation. However, because wireless communication is broadcast over radio waves, hand-held computers are more subject to security breaches by unauthorized users who may gain access to data transmissions from a public location, such as a parking lot or adjacent offices.

Simply by being in the vicinity of an unprotected wireless network, an attacker can break into the network without any special skills. Also, operating systems for many wireless devices are slimmed down to fit in small places, which makes them less complex and easier for hackers to manipulate.

Local government IT departments can take several steps to protect data and transactions sent to and from wireless devices. First, a risk assessment should be completed for both wired and wireless infrastructure to identify any holes that need to be plugged before going mobile. Typically, the assessments include “attacking” the network to find holes. The network infrastructure, applications and core systems should be analyzed to establish the state of internal security and examine the external threats to specific applications and network security.

Once assessments are complete, a comprehensive security policy should be established before the first hand-held device is distributed. The security policy should define authorized users of wireless technologies. It also should include access procedures and policies, standards and security configurations, approved platforms, guidelines for password use, authentication and encryption technologies, and guidelines for minimizing device theft and its impact. The policy also should outline security tasks and identify specific groups and individuals that need to respond to threats, breaches and attacks.

Before the IT department distributes the wireless devices, it should load all applications onto them with little, if any, modification. That ensures that reprogramming will not affect security.

Educating individuals who will use the wireless devices also is important to minimize security risks. Users may unintentionally provide access to sensitive data if they do not know about specific security risks. Training can include how the device works with the network, potential security risks, and what to do when security is breached.

Finally, IT departments should take advantage of the latest advances in intrusion detection systems, firewalls, anti-virus software, virtual private networks and other technologies to help secure data transmissions and eliminate many of the wireless computing risks. By carefully planning, plugging holes in existing infrastructure, training users and taking advantage of the latest advances in wireless security technologies, local governments can reap all of the benefits of mobile computing without placing sensitive information at risk.

The author is chief technology officer for Atlanta-based AppForge.