jump to navigation

Mobile Security Practices December 8, 2013

Posted by lorenmurphy2 in Security.
trackback

In the article, “10 Best Practices for Mobile Device Security,” Tom Cross, security researcher for IBM, discussed tips for keeping mobile devices safe. One best practice that Cross suggested was devices should require authentication. According to the article, within a six month period, more than 31,000 New Yorkers left behind their mobile devices in a cab. If these phones did not have a password lock, then unauthorized users could have access to valuable information. Authentication has been a topic of debate throughout the semester. Normally authentication has been discussed when dealing with computer systems. Having computer systems give authentication to only a select set of users depending on their function, having passwords with a strong strength, and not storing passwords in a file on the computer have all been tips for protecting the system from hackers. With mobile devices becoming increasingly complex, companies will have to think about how to keep them secure. One way to provide protection is by having company phones so employees separate their personal and work life. By having all work emails and calls on one device, there is a better paper trail for audits and custom firewalls can be installed on the device. Installing firewalls and controlling third party applications was another best practice suggested by Cross in the article. In the future, companies will have to consider anti-virus protection software for mobile devices because the number of people connecting to the Internet via these devices is exponentially increasing. This creates a perfect market for hackers because these devices will start storing valuable information.

Another best practice that was suggested in the article is for companies to utilize remote wiping capability. The idea behind this practice is that if an employee loses their phone, then they could contact the IT department (using a specific procedure) and have their phone wiped clean. That way, if an unauthorized user was to find the phone, then all valuable information would be gone. Personally, I’m skeptical about this best practice. If the procedure to wipe a phone is done via an online document or website, a hacker could pose as a user and have a phone wiped clean. If the phone’s actual owner did not backup their data, then lots of valuable information could be lost and greatly affect the company.  The success of this practice is dependent upon how well the company defines and secures a procedure. In fact, according to Cross, mobile security risks could be mitigated by having consistent policy development and enforcement instead of having a special security technology.

Resources:

Chickowski, Ericka. “10 Best Practices for Mobile Device Securuty.” Baseline. 2009

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: