• United States

Security risks of mobile camera phones

Mar 17, 20042 mins
Cellular NetworksNetwork SecuritySecurity

* Mobile camera phones: Creating a policy

Last time, I discussed the futility of attempting to outlaw mobile camera phone use in enterprises to avoid the security and liability risks they pose.

I consider mobile camera phones to be just one more enabler of potential security breaches. Security risks will only multiply as technology gets smaller and more innovative. The cool communications tools that become available to make employees more productive also represent new opportunities for someone else to exploit them for wrongdoing.

So what are some of the security concerns at hand with the camera phones? To name just a few:

* Someone could snap and transmit photos for reconnaissance, such as the location of surveillance cameras and alarms.

* Pictures of how you have organized your manufacturing floor, warehouse, or other location for strategic advantage could give your competitor ideas.

* Photos of the department hunk or sweetheart snapped in the office and circulated on the intranet/Internet could set up the company for a sexual harassment suit. (Not a new problem. Consumers with home pages frequently stir up the ire of family and friends when unflattering pictures are posted for the world to see.)

For additional blackmail potential of camera phones, see Network World Fusion Executive Editor Adam Gaffin’s “Compendium” from earlier this month:

Video aside, a “Wireless in the Enterprise” newsletter I wrote nearly two years ago noted that visitors with some access privileges (like consultants) and a dual-mode Wi-Fi/cellular network card in their laptops pose potential threats. These folk could transfer information via a cellular link to who-knows-where, completely bypassing the corporate firewall and VPN.

The addition of video only expands the possibilities.

The place to start is whether you should set up security policies for unobtrusive communications devices like camera phones. If you decide you need a policy, here are a few questions to consider:

* Will the policy apply to both employees and visitors?

* Who will be responsible for enforcing the policy – and what will be the procedure for doing so? (Honor system, full-body searches…)

* How will you educate employees and visitors about the policy – and what will be the repercussions of a violation?

* Will the policy apply enterprise-wide or only in certain locations?