Portable storage devices pose security threat

19.01.2006
Have you been following the story about cell phone records being sold on the Internet? The Chicago Sun-Times published an interesting article on this not long ago, but this outrageous practice has been going on for quite some time.

In essence, anyone with a credit card and a cell phone's telephone number could get in touch with the Locatecell Web site (or others) and, by paying US$110, quickly receive a list of all the calls made from that phone over a one month period.

I say "could," in this case, because according to Mobile Tech News, Cingular Wireless -- one of the telcos affected by Locatecell -- has filed a lawsuit against Locatecell's parent company, Data Find Solutions, and another phone-number reseller, claiming that those phone records were stolen. Cingular has also obtained a temporary restraining order against the two companies to prevent future use and sale of the cell numbers.

It's unclear at the moment how those phone records were obtained (and I am not going to speculate when there is an ongoing court proceeding), but that story is a clear indication of how easily customer information can be disclosed.

Replace "phone records" with any other valuable customer data (bank records, engineering records, purchase records, order histories, etc.) and a similar situation becomes possible right in your own company.

"Companies have been overlooking the fact that a lot of the company data is on personal storage devices, such as USB drives," says Nimrod Reichenberg, director of marketing for corporate solutions at M-Systems. (If you aren't familiar with M-Systems, here's what you need to know: The company has been a pioneer in developing flash drive technology.)