Mobile Device Security 

  • Organizational concern – devices pose a data security risk when used and transported outside physical boundaries
  • Exposure of sensitive and proprietary data through unprotected devices
  • Portable device size and removable memory capacity contribute to risk factors
  • Goal – Maintain Confidentiality, Integrity and Availability

Mobile Device Classifications

  • PIMs, PDAs, Smart Phones, Camera phones
  • Laptop and Tablet PCs
  • Removable media – CompactFlash, SecureDigital, Memory Sticks, removable USB drives, portable MP3 and MPEG players

Who’s interested

  • Individuals and groups engaged in government espionage, corporate espionage, hacking, and device theft
  • Report to Congress: 75 known countries actively pursuing US technology
  • Roughly 28 percent of robberies targeted mobile phones
  • Employee carelessness and misuse

Challenges

  • Mobile devices use proprietary and non-standard operating systems
  • Devices have removable media, which further distributes risk
  • Approximately 97% are personal property – not under the organization’s direct control
  • Small size, memory capability, and ease of download and removal

Risk Mitigation Strategies

  • Goal: Protection of data on a device and the transmission of data
  • Strong passwords
  • Install 3rd party software protection and mechanisms
  • Encrypt device transmissions
  • Install and update virus protection
  • Utilize mobile firewall for network access
  • Mobile Device policy with employee awareness campaigns
  • Employ device management capabilities
  • Procure digital camera mobile devices
  • Prohibit USB devices – disable ports, disable auto-mounting, auto-installing

Security Management

  • Familiarity with different types of devices and types
  • Understand areas of concern
  • Knowledge of proposed solutions to mitigate the risks
  • Management coordination

A Need for Inspiration   

  • “We only need to be lucky once, you have to be lucky all the time” – hacker
  • Constant vigilance to fend off attacks from within and without
  • Attentiveness required to address the growing data security needs of an ever-expanding organization

Sound Practices Applied Through a Philosophical Approach to Information Security