Lock down Windows mobile devices in four ways

It's 5 PM on a Friday. Do you know where your data is?

Take a minute and think about that. You probably have many Windows file servers spread across your network that hold all kinds of important data. But do your users only work on desktop computers strapped to their cubicle desks? Or do they have laptops, Blackberry devices, PDAs, and other memory-capable gadgets on which your company's data and intellectual property can be stored? If you do, then the loss or theft of one of these devices can be far more costly than simply the price of the device itself. Take a few steps now to protect the data your users may be storing on those devices.

1. Enable the BIOS password on your notebook. More corporate data is lost through theft of laptops than any other method. It's easy to picture how it happens: misplaced devices at airports, laptops left in parked cars. Sure, the hardware loss is significant, but what about the data stored there? It's all in the hands of the thief once he gets into the operating system. But if you've enabled a BIOS-based password, he can't do anything with the stolen device besides watch the RAM check. (This also works for some mobile devices and cell phones.)
2. Get antivirus for your cell phone. I know, it sounds a little ludicrous right now, but today's PDAs and cell phones are more connected to the Internet than ever before, and such exposure will really test the integrity of the operating systems on each device. Mark my words: it won't be long before malware starts infiltrating PDAs, cell phones, Blackberries, Treos, and any other mobile device. It's just a matter of time. And the antivirus companies have already come to this conclusion, and all of them are working on mobile device antivirus products right now. Check out the following link for a little more information on this: http://channels.lockergnome.com/windows/archives/20050314_cell_phone_viruses.phtml
3. Disable the Bluetooth feature on your phone when it's not in use. Many phones now are shipped standard with Bluetooth functionality, a wireless technology that lets your phone exchange information and data with other wireless devices that are within about 30 feet. If your phone has Bluetooth technology, one option would be to disable the function until it is needed. (As of now, the only known virus operates by using the Bluetooth connection repeatedly, looking for other devices to infect. So if your battery drains rapidly, this could indicate your phone is infected with a virus.)

   Windows security tips Tip: Lock out mobile threats News: Gadgets pose security risk

4. If you're an enterprise, invest in remote wipe to prevent unauthorized data from being leaked when a device is lost or stolen. This type of feature allows you to completely wipe off data and restore a device to a cleansed, pristine, data-free state over a cellular network assuming you're using Windows Mobile and/or a couple of other interesting solutions. Again, you do have the hardware loss, but the thief may not have been after the device itself. Google "remote wipe" to find a good sized set of resources on this.

About the author: Jonathan Hassell is author of Hardening Windows (Apress LP) and is a SearchWindowsSecurity.com site expert. Hassell is a systems administrator and IT consultant residing in Raleigh, N.C., who has extensive experience in networking technologies and Internet connectivity. He runs his own Web-hosting business, Enable Hosting. His previous book, RADIUS (O'Reilly & Associates), is a guide to implementing the RADIUS authentication protocol and overall network security. Ask Hassell a hardening Windows question today.