Thursday, 13 October 2005 18:08 EST

Companies must develop stronger policies to reflect the changing reality of mobile working

IT managers must formulate better policies to protect mobile devices, UK encryption firm BeCrypt warned today, especially relating to the deletion of files from mobile devices.

Recent industry calls for secure data deletion do not go far enough, the company warned, after it recovered data that had supposedly been ‘deleted’ from storage media such as USB sticks and memory cards purchased online. BeCrypt recovered mobile telephone contact databases, business material including corporate launch information for a new Land Rover, MP3 files, GCSE coursework, family photographs and pornography using software purchased at nominal cost from the internet.

According to the UK Home Office more than 100,000 people per year fall victim to identity theft at a cost of more than £1.3 billion per year. Gartner estimates that the number of mobile email devices, such as Blackberries and other PDAs, will hit 80 million globally within three years.

“With the proliferation of mobile devices in business, it is critical that IT managers implement policies to protect all corporate data whether the data is used inside the firm or transported on mobile devices,” said Peter Jaco, CEO of BeCrypt. “Staff need to be educated as to the potential risks of losing data and firms need to deploy software to encrypt data held on corporate peripheral devices. Deleted files, as we have demonstrated, can be easily recovered using freely purchased software on the web, but if the data was encrypted as part of a corporate security policy, or by the home user in the first place, the data would be safe.”

Reformatting magnetic memory such as a hard disk drive, or electronic memory such as a USB memory stick, results in only the file allocation table being erased and typically files themselves are left intact until they are subsequently overwritten. This means data can still be recovered using data recovery tools.

BeCrypt’s DISK Protect 3.0 full disk encryption security solution for laptop and desktop computers incorporates removable media encryption. Data saved onto memory cards and USB drives is encrypted and cannot be read on any other machine.

BeCrypt analysed a number of devices purchased on eBay for between £5 and £10 each, all of which contained recoverable information. A fifth contained personal information that could be used for identity theft. All but three of the devices appeared to have been freshly formatted or had all the data erased using tools provided as part of the computer’s operating system.

All devices purchased as part of the BeCrypt survey campaign have been encrypted and destroyed.

About BeCrypt

BeCrypt Limited was formed in 2001 to meet the growing demand for high-level computer encryption products in the international government and corporate marketplace. The company is the UK’s largest supplier of enterprise encryption and security products designed to fully protect all corporate data. BeCrypt products protect customers in key UK government areas including: central and local government, the military and defence sector, law enforcement and transportation. The company also services the commercial sector with key customers in financial services, pharmaceutical, insurance and banking sectors. BeCrypt features on Gartner’s magic quadrant for data encryption.

BeCrypt’s DISK Protect and PDA Protect products have been designed to meet stringent government security standards and have been approved by the UK Government.

BeCrypt has won an award from the Department of Trade and Industry for innovative technology and has patents pending on a number of unique security technologies.

Further information at http://www.becrypt.com