Mobile Device Security

I recently wrote an article for the WSCPA (Washington Society of of CPA’s) about Mobile Device Security. The article was not focused on the newest device flaw, or any particular fan-boy approach to the best or the worst device, but included a general approach to treating mobile devices with the same care you give towards managing laptop users.

Perhaps in the future I will re-post the entire article, but for now, here are the key points to developing a policy for mobile devices:

  1. Require that passwords be used. Password protection is a standard feature of mobile devices, yet few users utilize it as they find it inconvenient. This simple step is the most effective way to ensure the data on a device stays secure until it can be remote wiped.
  2. Turn on encryption!  All the common devices have the ability to transmit data in an encrypted fashion, so make sure this is turned on with any device being used for email!
  3. Enable remote wipe! Ensure that your IT department gives itself access to every device so that they can remote wipe any lost or stolen device.
  4. Be clear on intellectual property policies! Business email and data transmitted to mobile devices is indeed intellectual property, and mobile device users must have clear policies outlining this fact, so that they understand the rights of the company to secure that data.
  5. Turn Bluetooth to hidden mode. Limit exposure to hackers who may discover your device if it is in default always on and discoverable mode.
  6. Have an acceptable use policy for applications. Applications are a big part of what owning a mobile device is becoming about… but they also can create a lot of issues, and they may present specific security risks. These applications can enable data theft, password theft, or other issues.  If someone wants corporate data on their personal device, they may have to submit to some controls over what types of applications they run. If you are concerned about security, it may be important to limit the ability to load applications, or to require that applications loaded be vetted by IT first, as you can’t trust that the various places these come from (iPhone store, etc) can properly police all the applications presented to ensure that they don’t harbor malicious code or spyware.

Happy (mobile) computing!

Richard Brunke

Posted on July 27, 2010 at 7:01 am by Richard Brunke · Permalink
In: Security

Leave a Reply