Mobile security has morphed in the last few years to become a major area of security concern. It’s no longer just laptops that provide on-the-go networked computing – smartphones, tablets, ultra-portables, e-readers and other networked devices now all vie for a space in your electronic arsenal, and they all come with their unique set of security concerns, specifically because of their mobile nature. The continual and rapid improvement in mobile device size, intelligence and computing power, means that these devices have the ability to mimic the abilities of full-blown desktops and laptops with an easy-of-use that along with their mobile nature, introduces new security threats.
Security standards are no more important than in this area due to the increased security requirements, disconnected-use method and more volatile threat landscape. There are some basic procedures that can be followed to mitigate the increased risks from mobile devices:
- make sure you have a company-wide security policy for mobile devices
- use risk assessment regularly to pick up on changing security trends
- provide training to your user and employees, and increase security awareness
Data types on these devices that can be compromised include email, images/videos/sound bites, contact information, static data/documents, authentication information, calendaring info and other. Tailor your security policies to the type of information that is contained in the mobile devices that are used within the organisation.
Deployment and use
- make sure mobile devices are patched regularly with the latest vendor-supplied updates
- disable or remove unnecessary features and services on mobile devices
- make use of user authentication, encryption and/or vpn to transmit critical information
Maintain security on mobile devices
- reduce exposure of sensitive data ( eg. use password database applications, encrypt sensitive data )
- maintain physical control over mobile devices
- backup data regularly
- use non-cellular connection options only when required
- report compromised devices
- enable additional software such as tracking, anti-virus or anti-malware applications
- control use of electronic wallets
- use 2-factor authentication
Centralised security management is a good option as it provides easy control over your mobile devices. Not all devices will support this though so it’s important to look at the enterprise capabilities of mobile devices before purchasing them. The depth of these capabilities will determine the control you have over these devices and the level of exposure they subsequently exhibit.
Areas of importance include:
- policy control
- remote password reset or data wipe
- remote locking
- network access control
- camera, microphone and removable media controls
- remote update capabilities
Policies, standards and procedures are needed to bring a certain level of security to the use of mobile devices within the modern organisation. Without these, mobile devices can become a security nightmare with data loss/compromise, identity theft and company network intrusion being real possibilities.
Take care.
