Companies
must be more vigilant about employees using mobile devices – such as iPod music players and personal
digital assistants (PDAs) –
at work, security experts warned today.
A
computer forensics study into the latest Mini iPod, conducted by corporate investigators The Risk
Advisory Group (TRAG), shows that mobile devices can be used to easily download
vast amounts of confidential company information.
With
more than four million iPods
sold, TRAG is warning companies that they must be adequately protected to
ensure that sensitive information cannot be obtained by their staff and any
visitors who could have access to a company’s computer equipment.
Simon
Dawson, head of corporate investigations at TRAG, said: "We have
investigated numerous instances of clients being damaged by employees leaving
with a great deal of sensitive information such as financial, client and
product data.
“Technological
advances such as the iPod
make such thefts much quicker and easier to carry out."
TRAG’s digital investigations
team forensically analysed the Mini iPod
and found that:
–
text
documents, spreadsheets, graphics and voice files can be copied from corporate
IT systems onto the iPod.
The entire contents of an employee’s ‘my documents’ file can be copied to the iPod in less than two minutes
–
because the iPod can be formatted with any
kind of file system, it could be possible for employees to hide data in a way
that a basic security check of the contents of the iPod would be unable to detect
–
documents and contact
information that have been copied to and then deleted from the iPod can be recovered using
standard computer forensic examination techniques.
