S 4.232 Secure use of extended memory cards

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User

Since the storage space available on mobile end devices such as PDAs is limited, the memory of most models can be extended using external storage media. Memory cards such as SD, MMC, or Compact Flash cards are widely used for this purpose and have the advantage that they can be changed quickly. These cards do not require any batteries to store data, so the possibility of losing the data stored due to a lack of power is eliminated. They are therefore well suited for making backups on the road, which is especially useful when a PDA user is frequently absent for long periods of time. As in the case of backups in general, these memory cards must also be stored securely. If the memory cards are left unsupervised in the PDA or elsewhere, then unauthorised persons could be able read the data stored on the cards. This can be done in no time with a laptop and a suitable adapter. When the memory card is then returned to the original device or location, there is not even a single clue left behind to indicate that the data was read.

To protect the data stored on external memory cards, it is recommended to encrypt the data using appropriate tools. Memory cards whose data is not encrypted must always be supervised when on the road.

Review questions:

• Are extended memory cards always stored securely?