Mobile device security: Tips for IT pros (free PDF)
Securing data on mobile devices poses some unique problems. This ebook offers a quick overview of the biggest challenges, along with recommendations for overcoming them.
From the ebook:
Desktop workstations, servers, network firewalls and switches, HVAC units, and UPS devices all have one thing in common: As traditional in-house hardware they are easy to physically secure, either through restricted access, video monitoring, alarms, or other anti-intrusion and anti-theft mechanisms.
Mobile devices, on the other hand, are far more difficult to secure due to their unique features. I discussed the challenges involved with mobile security with Sinan Eren, founder and CEO of mobile security provider Fyde.com, and together we identified the following problems and recommended strategies.
Mobile devices are at risk due to their very nature of being portable. Their comparatively small size and lack of being physically secured renders them susceptible to loss or theft, which is why I recommend always keeping them on your person rather than in a purse or bag. These devices represent an attractive target for thieves since they can be resold with relative ease, unlike an HVAC system or Dell server, and are harder to track if the operating system has been wiped and SIM card removed. Always maintain control of your phone. Don’t leave it unattended in a public place and make sure you know how to use Find my iPhone, Google’s Find my Phone, or some similar service.
When mobile devices are used in public, confidential information might be observed by unauthorized individuals—including passwords or access codes. Even biometric protection may not mean much when it comes to keeping a malicious individual from accessing your phone. If your phone is stolen while unlocked, access to the contents becomes immediately available. And after all, someone under duress would likely be happy to provide a thief with a fingerprint swipe if it meant avoiding physical harm.
Risky device configuration
Mobile devices usually run with administrator rights and rarely use anti-malware protection, particularly in the case of consumer devices permitted for company use, such as in a BYOD arrangement.
In addition, stored data may be unencrypted, particularly on external micro-SD cards, which can put information at risk even with controls such as password requirements or biometric readers. Mobile device management solutions can help centralize and enforce security controls on these devices, but they are not without certain limitations and challenges. At the very least, enforce strong passwords and storage encryption on mobile devices.