December 02, 2009, 8:43 AM — Brent Huston, Microsolved, Inc. -- Security with mobile devices starts before they are added to an organization's assets. Although it may take extra time, it will pay off in the long run if an organization researches mobile devices before purchasing. Here are some tips that can help decrease the possibility of a security breach:
1. Use encryption and authentication features. Create policies that will ensure encryption features are accessed and launched. Many people do not use the password function but what would happen if a smartphone fell into a stranger's hands? Why make it easy for someone to access private data? Set up a password.
2. Create remote wipe capabilities and set up a "lost item" process. If a mobile device is lost or stolen, the IT department could remotely remove any sensitive information. Not everyone turns in a lost cell phone. Remotely wiping it of sales forecasts or strategy diagrams will keep your organization's plans safe. Having a quick hotline for lost items will help IT staff confront a problem quickly and efficiently.
3. Be careful about third party applications. Although some seem to be harmless, they can possibly be a back-door for attackers to access your internal network. By limiting unsigned third-party applications, an organization can close one more opportunity for data theft.
4. Create unique firewall policies. Those who have smartphones do not need to have access to all the databases in the network. Only allow access to the data that would most commonly be used.
5. Start considering software. As smartphones become more common, hackers will start to target them more often. Adding precautions such as equipping devices with intrusion prevention software is another good way to provide security. And although anti-virus software for smartphones isn't common, it's a good idea to keep watching for it. This type of software is bound to develop and be plentiful as more organizations use highly sophisticated smartphones, which are really small computing platforms.
IT managers may be reluctant to tackle the issue of securing mobile devices, they realize mobile devices aren't going anywhere. Supporting a limited number of mobile devices may be the answer. Creating and enforcing a consistent review process, together with awareness programs, will help keep your company's business, your business.
Resources that can help your organization with mobile device security: