For this month's topic, we will be discussing mobile security risks and the preemptive measures you can take to reduce them. Mobile devices are commonly used in remote locations (away from the office), which introduces many risks that need to be mitigated before sensitive or private data is stored or accessed.
Mobile devices allow workers to conveniently work in multiple locations, which increases efficiency. Unfortunately, this convenience comes with security risks. Mobile devices can easily be lost or stolen or connected to an unsecured network, and users may be tempted to download non-secure apps that might conceal “malware” that could be used to steal confidential data. Since security is minimal for mobile devices, a thief can retrieve sensitive data directly from the device, or use the laptop, phone, or tablet to access an organization’s computer network remotely.
What to do?
- Centralized Device Management – Software that centralizes device management at the organization level to secure both agency-issued and personally owned devices. Centralized programs manage the configuration and security of mobile devices and provide secure access to an organization’s computer network. They are typically used to manage the mobile devices that many agencies issue to staff. Apple’s Find My iPhone helps with at least device location and remote wipe.
- Information Security Awareness Training – Educate users, who can potentially do harm to your network by visiting websites infected with malware, responding to phishing e-mails, storing their login information in an unsecured location, connecting to an unsecured location or device, or even giving out sensitive information over the phone when exposed to social engineering.
- Device Encryption and Passcodes – This is an easy fix to mitigate the risk of data breaches. Encryption is a reversible process that scrambles data into ciphertext (unreadable data). When an authorized person needs to access the device, the data is converted back to a readable format once they authenticate, e.g. with a password, token key (access card), or fingerprint recognition. Additionally, mobile devices should be protected with a passcode that follows your company’s password guidelines and set to lock the user out if too many attempts are made. These measures make it much less likely that your mobile device will be misused by an unauthorized person.