Mobile Device Security

by Stephanie Goetz | Jun 19, 2020

MobileDeviceSecurity

Work and personal lives continue to blend as many employees are working from home and social distancing.  Mobile devices, specifically phones, are already a key part of our personal lives because they manage everything from our bank accounts, contact information of loved ones, to social media accounts.  Now, mobile devices are following the current trend in blending work and personal lives as they are increasingly used to manage email, calendars and other work applications. 

It may be no surprise that as their popularity rises, hackers will focus more on this asset.  However, despite this threat rising, most institutions are not taking proactive steps to protect mobile devices which access their systems and data.

So, if you are considering adding or already have mobile devices connecting to your institution’s data, here are five steps you should take to secure these devices.  Many mobile device management options are out there can be configured with these protections.  If you use O365, these configuration options may already be included in your subscription or added at a minimal cost.

  1. Protect access to the device’s contents with a passcode or biometric authentication.

Mobile devices can easily be lost, stolen or confused, resulting in someone being able to open the phone and its contents without a challenge factor in place.  Many users decide to do this to protect their personal data, therefore this step is really commonplace.  All that remains is to make sure this step stays in place with a mobile device manager if your institutions data is accessible by the device.

  1. Reject any connection attempts from a device that is rooted or jailbroken.

Devices can be modified to override some security features built into the iOS or Android operating system.  This is called ‘jailbreaking’ in iOS or ‘rooting’ in Android devices.  This makes the device more susceptible to attacks by more easily allowing the user to modify code or install software the device manufacturer would typically disallow.

  1. Ensure the device is on a supported operating system and configured to install updates.

This is a well-established best practice for servers, workstations and laptops, perhaps thanks to the publicity of vulnerabilities such as Heartbleed, WannaCry and Not Petya. Security updates are of the same importance for mobile devices and any devices allowed to access institution data.  Vulnerabilities allow attackers the ability to access systems and data and/or install malware…mobile devices are no exception to this rule. 

  1. Configure the device to remotely wipe.

We already discussed the propensity of mobile devices to be lost or stolen.  Like any other security controls, authentication controls can be bypassed by a knowledgeable person or a person with a lot of time on their hands.  So, the best step to take if a device is lost or stolen is to remove the data. 

Many mobile device managers offer the ability to wipe only the institution’s data or the entire device.  Wiping only the institution’s data is handy if a user has lost their device and just wants some time to find it or if you have someone leaving employment with the institution.   

  1. Educate users on identifying and protecting against mobile threats, such as smishing.

Users are at an increased risk of social engineering with mobile devices.  While the principles are same, the attacks can appear differently such as with smishing, which is basically a phishing attempt sent through text (SMS).   Also, users are typically in a hurry on mobile devices, for example many users read emails as soon as received on the device.  Therefore, they are less likely to think about the validity of the message and their response than on a laptop or desktop.   

If you need help with your mobile device security strategy or have any questions, email us at support@bedelsecurity.com.

 

Additional Resources:

Information Security Strategy: 5 Tips for Success
https://www.bedelsecurity.com/blog/information-security-strategy-5-tips-for-success

Protecting Against Email Compromise
https://www.bedelsecurity.com/blog/protecting-against-email-compromise

The Importance of Social Media Monitoring
https://www.bedelsecurity.com/blog/the-importance-of-social-media-monitoring

Data Loss Prevention Tips
https://www.bedelsecurity.com/blog/data-loss-prevention-tips

Microsoft Azure AD Options Explained
https://www.bedelsecurity.com/blog/microsoft-azure-ad-options-explained

Want these articles delivered weekly to your inbox? Subscribe to our Newsletter!

Recent Posts

Stay in the Loop!