Information Technology Security Team,Office of the Government Chief Information Officer

You are reading page 1

PORTABLE electronic devices are common today and news of data loss associated with these devices is all too frequent. Data can be leaked along with lost media, so the protection of data in the media is equally important to the protection of the media itself.
In addition, there are many other ways, such as unauthorised access, that data leakage can occur. Users working with such devices should place great importance on security awareness.

Physical protection

Close monitoring is the best basic strategy for ensuring physical protection, and unattended portable electronic devices with classified data should be stored in safe places, preferably under lock and key. The physical security of the cabinet or the office area should not be neglected.

Physical security is of even greater concern to slim and mobile items like laptops, mobile phones and external drives. A preventive measure is to index and label such items for ease of identification, and then carry out regular inventory checking. This will be an effective way to detect loss.

Unauthorised access

Even temporary physical access to a computer device could cause great harm, such as enabling someone to duplicate the data or alter critical security settings. For instance, temporarily lending a smart phone to someone would potentially enable the person to send out some important files from the device through short messages or e-mail. The protection against such threats usually relies on access restriction, such as a screen saver with password protection enabled. More advanced applications may make use of biometric identification, such as finger print verification.

Unauthorised access could also come from networks, which are particularly common for wireless portable devices. Computer viruses, spyware and Trojans are notorious problems with damaging effects, sometimes enormous and irreversible. Proper installation of protective software, such as anti-virus software, is a must for tackling these problems.

Data removal

Paper documents carrying sensitive content should be shredded before disposal. Similarly, data on portable media must be cleared before disposal or being given away. It is a good habit to remove the data on any portable media immediately whenever the data is not to be used again. The backup of data on portable media must be accompanied by proper physical security protection.

Content encryption

Encryption is an effective measure of data protection, during which documents are converted into unintelligible format before storage with the use of an encryption key. In case an encrypted piece of data is accidentally lost, nobody will be able to read it without the decryption key. Longer encryption keys usually mean stronger protection.

To ensure effective encryption protection, a long enough encryption key must be used to protect classified data in portable electronic devices. The encryption key must always be kept secret and held by the data owner. The key is often stored in a secure device such as a smart card with password protection.


In conclusion, users should be aware that there are a number of security risks when using portable electronic devices. The risks should be assessed and appropriate safeguard measures should be implemented. If the risk assessed is high and there are doubts as to whether there is sufficient protection, then users should abandon such usage.