Brent Huston, Microsolved, Inc. -- Security with mobile devices starts before they are added to an organization's assets. Although it may take extra time, it will pay off in the long run if an organization researches mobile devices before purchasing. Here are some tips that can help decrease the possibility of a security breach:
1. Use encryption and authentication features. Create policies that will ensure encryption features are accessed and launched. Many people do not use the password function but what would happen if a smartphone fell into a stranger's hands? Why make it easy for someone to access private data? Set up a password.
2. Create remote wipe capabilities and set up a "lost item" process. If a mobile device is lost or stolen, the IT department could remotely remove any sensitive information. Not everyone turns in a lost cell phone. Remotely wiping it of sales forecasts or strategy diagrams will keep your organization's plans safe. Having a quick hotline for lost items will help IT staff confront a problem quickly and efficiently.
3. Be careful about third party applications. Although some seem to be harmless, they can possibly be a back-door for attackers to access your internal network. By limiting unsigned third-party applications, an organization can close one more opportunity for data theft.
4. Create unique firewall policies. Those who have smartphones do not need to have access to all the databases in the network. Only allow access to the data that would most commonly be used.
5. Start considering software. As smartphones become more common, hackers will start to target them more often. Adding precautions such as equipping devices with intrusion prevention software is another good way to provide security. And although anti-virus software for smartphones isn't common, it's a good idea to keep watching for it. This type of software is bound to develop and be plentiful as more organizations use highly sophisticated smartphones, which are really small computing platforms.
IT managers may be reluctant to tackle the issue of securing mobile devices, they realize mobile devices aren't going anywhere. Supporting a limited number of mobile devices may be the answer. Creating and enforcing a consistent review process, together with awareness programs, will help keep your company's business, your business.
Resources that can help your organization with mobile device security:
- Programming Mobile Devices: An Introduction for Practitioners by Tommi Mikkonen
- Embedded Java Security: Security for Mobile Devices by Mourad Debbabi, Mohamed Salah, Chamseddiing Talhi, Sami Zhioua
- Advances in Security and Payment methods for Mobile Commerce by Wen-Chen Hu, Chung-wei Lee, Weidong Kou
- Construction and Analysis of Safe, Secure, and Interoperable Smart Devices: International Workshop, CASSIS 2004 by Gilles Barthe (Editor)
- Anti-Virus Software for Smartphones
- Security in the Mobile Device Era
- Mobile Security Definition and Solutions
- Five Steps to Protect Mobile Devices Anywhere, Anytime
- Mobile Device Security Through Virtualization
- Portable Device Security: Mobile Madness
Mobile device security is evolving. Check out these articles and books in order to stay informed and evaluate the benefits of applying it to your security strategy.
-- Brent Huston is CEO and Security Evangelist for Microsolved, Inc.
Want to cash in on your IT savvy? Send your tip to firstname.lastname@example.org. If we post it, we'll send you a $25 Amazon e-gift card.