The basic risk factors relating to mobile IT devices can be separated into three main categories: confidentiality, integrity and availability.
Confidentiality is a real business-critical issue. Companies should have a strict security policy in place restricting the information that employees can copy to these types of devices as well as employing encryption technologies. This is important when considering the use of these devices in public environments as well as potential accidental situations such as briefcases containing confidential documents being lost.
Exposing communications and access services to a mobile workforce requires a robust understanding of the risks involved when they are used and a level of professional integrity and responsibility to be associated with them.
The availability of mobile communications services can become a great concern if an organization is highly dependent on its mobile workforce. For any organization dependent on IT, having a business continuity plan in place to minimize service disruption is vital.
Organizations need to ensure that these risk factors are addressed continually as their mobility strategy evolves. But it doesn’t have to be a cumbersome process. In fact, ten simple points can provide a framework within which many risks associated with mobility can be easily challenged.
The ten simple steps to mobile security can be defined as follows:
- Inventory, categorize and assign sensitivity levels to corporate information and assign policies and controls
- Conduct an initial mobile security assessment for fit.
- Evaluate and update existing mobile policies, or create new policies, for use as corporate standards to secure all mobile devices and applications.
- Develop clear security and usage guidelines for mobile devices
- Make a list of mobility tools workers are allowed to use, such as home PCs, private mobile devices and public internet services
- Encrypt all data on all devices
- Enforce security settings, from passwords to establishing “lock/wipe” policies by which devices that are stolen or lost can be locked by the administrator and their data wiped out.
- Ensure all devices have anti-virus software installed and that it is regularly updated
- Implement a robust technology for identifying remote workers connecting to the services (including multi-factor authentication)
- Review the security of public services regularly, and consider using a specialized third party for testing
- Reassess mobile security
This is by no means a complete list, but it is a good starting point for any company serious about integrating mobility into its business operations. It is important to review existing policies and modify them to meet changing business needs rather than trying to defend why old policies and practices should translate to new mobility challenges.
As more and more workers enjoy the freedom and flexibility mobility offers, enterprises will continue to look to reap its rewards for increased productivity and responsiveness. By preparing effectively, monitoring and regularly updating security procedures and policies, enterprises may harness the power of mobility and safeguard their brand and confidential data for the future.