A few times, I have written about David Gewirtz, Publisher and Editor-in-Chief of ZATZ Publishing, as well as author of Where Have All the EMails Gone? On Friday, he reported that two BlackBerry devices were stolen by a lead press advance person for the Mexican delegation during a senior-level meeting between the US and Mexico in New Orleans. You have to read the entire article to get the full effect, but this may raise the hairs on the back of your neck:
We also don't know exactly how long Quintero Curiel had the BlackBerry devices in his possession, but because we know he had to have traveled from the hotel to the airport, we can guess at the minimum time he had unobserved access to the devices.
According to the very helpful Althea at the Windsor Court Hotel, it takes 20-25 minutes to get from the hotel to the Louis Armstrong International Airport. If this snatch and grab was a coordinated intelligence operation on the part of the Mexican government (and we have no way of knowing whether it was or wasn't), 20-25 minutes would have been more than enough time to transfer all the data from the BlackBerry devices to another computer and even transmit digital clones of the devices' content to computers in Mexico.
It is entirely possible that by the time U.S. Secret Service agents recovered the devices, their valuable contents had already been purloined. Even if data on the BlackBerrys was encrypted, a complete digital duplicate of the devices' contents could have been sent to Mexico and it's a mere matter of computer power to sift through the data or attempt to crack the passwords.
This also has implications for your business' BlackBerrys. It would make sense to review your policies and procedures for when BlackBerrys are reported missing or stolen. And if you don't have said policies and procedures, you might want to "fast track" them. Further, training of your BlackBerry users would be an excellent idea. That way, when they report the device missing, they will know that it will be wiped within X minutes of it being reported missing. People who continue to misplace their device should have their BlackBerry privileges revoked.
You have to hand it to Gewirtz for reporting on the continuing saga of White House e-mail. Most of the "mainstream media" has already left the scene for some titillating news story out of Hollywood, but he keeps his attention on the ball. There are many lessons to be learned, not only about "Worst Practices," but also about how you can lessen your own business' risks. Take a moment to read about the theft of White House BlackBerrys. Then, look at your own business practices.
Link: David Gewirtz: The worrisome implications of the Mexican theft of White House BlackBerry devices
Comment posted by JYR 04/28/2008 08:52:04 PM
It's difficult to implement policies and procedures because most of the time, the worst users are the managers.
From a case here in Canada. The translation is not perfect but here it is.
A federal report shows that the costs incurred by the use of cellular phones and Blackberry terminals at the Ministry of Natural Resources have exploded.
The ministry has failed to establish rules in this regard, in addition to losing the list of numbers used, so that its workers have cost taxpayers up to $ 500 000 per year in wireless communications.
The surveillance was so low that officials of the Ministry were unable to provide auditors with a basic inventory of aircraft used.
Since the report was drafted, officials have determined that officials were using BlackBerry 900 and 700 cellphones.
Investigators have also established a unit in five was used for purposes other than professional.
Users were also permitted to personally agree with the main suppliers of telecommunications services in Canada with the result that 1 500 individual contracts were signed.
Comment posted by Gregg Eldred 04/29/2008 12:03:43 AM
Homepage: http://www.ns-tech.com/blog/geldred.nsf
@JYR: I know that implementing a policy that revokes the use of a Blackberry will be unpopular, but for the good of the organization, it makes sense. It's better than no policy, which is basically what you have shown. And some poor Admin has to maintain all of those devices, from different vendors, with different service plans.
Comment posted by JYR 04/29/2008 08:43:37 AM
Yeah, everything must come from the management.
The "poor admin" could say: "I will not support you if you have an individual contract" but as we know it will not happen because the "poor admin" is not supported by the same management.
As for a mail policy, I'm trying to implement one over here and it's not easy.
No mail policy
5000 users, 1,5tera of mails, > 14 millions mail documents
No quota
No audit on what types of attachments are in the mail files.
JYR