This article will discuss about countering mobile device security threats that we need to understand. According to reports, for over a decade, mobile device security has been at stake. With the intervening years, security threats have grown at a high pace. The first mobile virus happened in 2004 and affected Symbian Series 60 phones, then in 2009, another worm was discovered that affected iPhones.
Further, in 2010, Android phones were affected, and in 2015, an Android virus was released that could capture all your contacts using an SMS containing a link to install a phony Amazon rewards app. By the end of 2016, security threats in mobile devices had increased by almost 30%. This transition from PC to mobile is a major switch. However, it has also brought with it a dire need for scrutiny. IT enterprises now have to think of a new approach to defining security strategies and management tools to minimize risk as well as secure the data in mobile devices.
Recommended Mobile Device Security Controls
- Inventory organizational mobile devices and applications
- Identify personal and rogue mobile devices and applications
- Keep software and operating systems up-to-date
- Disable autorun features
- Disable Bluetooth when not in use
- Restrict copying of corporate data to USB and other mobile devices
- Implement access control management
- Insure all application are authenticated
- Maintain anti-virus software on all mobile devices
- Practice sound patch management
Policies for Mobile Device Security
Mobile device security policies should be founded upon identified threats and assessed risks. This allows management to implement policies that address the specific threats in a cost-beneficial manner.
Recommended Mobile Device Security Policies
- Access to corporate data must be secured
- Sensitive data and applications are restricted to employees using the principle of least privilege
- Whitelists and blacklists of mobile applications are maintained
- All applications on employee mobile devices are securely installed
- Employees must sign an accepted use agreement
- Employees must agree to allow personal mobile devices on corporate property to be seized and
searched when violations are suspected
- Employees must agree to restrict the use of any mobile device storing corporate data to the
employee and no other person
- Employees must register all personal mobile devices brought into the organization
- Employees are not allowed to access corporate information on unregistered devices
- Employees are prevented from installing personal apps on corporate mobile devices
Feel free to contact E-SPIN for mobile device monitoring, vulnerability & threat and mobile security solution.
To know more about Mobile Security, please click on the link below.