Mobile Device Security
- Organizational concern – devices pose a data security risk when used and transported outside physical boundaries
- Exposure of sensitive and proprietary data through unprotected devices
- Portable device size and removable memory capacity contribute to risk factors
- Goal – Maintain Confidentiality, Integrity and Availability
Mobile Device Classifications
- PIMs, PDAs, Smart Phones, Camera phones
- Laptop and Tablet PCs
- Removable media – CompactFlash, SecureDigital, Memory Sticks, removable USB drives, portable MP3 and MPEG players
Who’s interested
- Individuals and groups engaged in government espionage, corporate espionage, hacking and device theft
- Report to Congress: 75 known countries actively pursuing US technology
- Roughly 28 percent of robberies targeted mobile phones
- Employee carelessness and misuse
Challenges
- Mobile devices use proprietary and non-standard operating systems
- Devices have removable media, which further distributes risk
- Approximately 97% are personal property – not under the organization’s direct control
- Small size, memory capability, and ease of download and removal
Risk Mitigation Strategies
- Goal: Protection of data on a device and the transmission of data
- Strong passwords
- Install 3rd party software protection and mechanisms
- Encrypt device transmissions
Risk Mitigation Strategies
- Install and update virus protection
- Utilize mobile firewall for network access
- Mobile Device policy with employee awareness campaigns
- Employ device management capabilities
- Procure digital camera mobile devices
- Prohibit USB devices – disable ports, disable auto-mounting, auto-installing
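An added example (not from the original slides) of auditing the "disable ports" control, assuming a Linux endpoint where USB mass storage is disabled through modprobe.d. The function name and sample configurations are constructed for illustration. It separates a `blacklist` entry, which only stops automatic loading, from an `install` override, which stops modprobe from loading the driver at all.

```python
# Assumption: Linux host; text comes from /etc/modprobe.d/*.conf (samples below are constructed).
MODULE = "usb_storage"  # modprobe treats '-' and '_' in module names as equivalent
NOOP_COMMANDS = {"/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true"}


def usb_storage_policy(conf_text):
    """Classify modprobe.d text as 'blocked', 'autoload-only' or 'allowed'."""
    blacklisted = False
    overridden = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        parts = line.split()
        if len(parts) < 2 or parts[1].replace("-", "_") != MODULE:
            continue
        if parts[0] == "blacklist":
            # Only suppresses alias-based autoloading; an explicit
            # 'modprobe usb-storage' still loads the driver.
            blacklisted = True
        elif parts[0] == "install" and len(parts) >= 3 and parts[2] in NOOP_COMMANDS:
            # modprobe runs this command instead of inserting the module.
            overridden = True
    if overridden:
        return "blocked"
    return "autoload-only" if blacklisted else "allowed"


# Constructed sample configurations
SAMPLE_BLOCKED = "# USB policy\ninstall usb-storage /bin/false\nblacklist usb-storage\n"
SAMPLE_WEAK = "blacklist usb_storage\n"
SAMPLE_OPEN = "# install usb-storage /bin/false\noptions snd_hda_intel power_save=1\n"

if __name__ == "__main__":
    for name, text in [("blocked", SAMPLE_BLOCKED), ("weak", SAMPLE_WEAK), ("open", SAMPLE_OPEN)]:
        print(name, "->", usb_storage_policy(text))
```

A result of `autoload-only` means the control is only partly in place: the driver is not loaded when a drive is plugged in, but it can still be loaded by name.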
Security Management
- Familiarity with different types of devices and types
- Understand Areas of concern
- Knowledge of proposed solutions to mitigate the risks
- Management coordination
A Need for Inspiration
- “We only need to be lucky once, you have to be lucky all the time” – hacker
- Constant vigilance to fend off attacks from within and without
- Attentiveness required to address the growing data security needs of an ever-expanding organization
Sound Practices Applied Through a Philosophical Approach to Information Security