Mobile security plays a big role in staying safe as more organizations than ever rely on cell phones, tablets, and laptops for business. Does your cybersecurity strategy keep mobile in mind? Here are four mobile security tips to help your organization stay secure in a connected and moving business environment. Show
1. Know What’s ConnectedThe first step for any organization is to create an inventory of hardware – after all, if you don’t know what’s connected to your network, how can you secure it? If you’ve started implementing the CIS Controls, this might sound familiar. However, creating and maintaining an inventory is especially difficult when mobile devices enter the mix, since they’re not consistently connected to companies’ networks like desktops, printers, and other on-site systems. If your organization is looking to implement BYOD (Bring Your Own Device) or other mobile policies, consider including requirements for which devices may be used and let employees know what information will be necessary to participate. Since email is one of the most frequently-accessed work accounts, you might also check how off-site devices are connecting to your email systems. This will provide helpful information about employees’ habits and preferences, allowing you to address mobile access with security in mind. 2. Know What’s RunningOnce you’ve identified the mobile devices in use at your company, it’s time to create and maintain a software inventory – again, if your organization uses the CIS Controls, you might have tackled this for on-site devices. You need to know which applications are in use in order to keep your organization’s mobile devices (and the systems they interact with) secure. Mobile Device Management (MDM) platforms can assist with this. Whether home grown, off-the-shelf, or something custom-built for your company, MDMs can provide your organization information about which applications and programs are installed. MDMs can also help by allowlisting Wi-Fi networks and enforcing password policies. Keep in mind that some MDMs can cause privacy concerns – both for employees and for the organization – depending on how much information they collect. If your company allows the use of personal devices, pay close attention to how your MDM works and provide transparent details about the process for users. 3. Monitor For VulnerabilitiesUnlike networked desktops which can be quickly scanned, checking mobile devices for vulnerabilities can be a serious challenge. In the mobile world, vulnerabilities can take advantage of hardware, operating systems, applications, physical locations, and network connections (including Bluetooth and NFC). In order to make an assessment, you’ll need to understand the devices in play, the data involved, and how your users interact with their devices. MDMs can also help monitor for vulnerabilities by addressing data and application security, protecting against network-based threats when using Wi-Fi, and monitoring for configuration changes. Of course, one of the best defenses against cyber attack on work-connected devices is education. Make sure your employees know the risks of using mobile devices for work activities, and educate them about the importance of making sure applications are legitimate and up-to-date. 4. In Case of EmergencyUnlike desktops, cell phones and tablets are easier to misplace. What happens if your employee loses track of their work-connected mobile device? What information could it provide to a cybercriminal? Don’t wait for an emergency to answer these questions. When developing your mobile security strategy, be sure to include requirements such as:
In the unfortunate event that an employee’s phone falls into the wrong hands, the right precautions will help cybercriminals from accessing company data. Anti-theft services allow your organization’s IT professionals to erase the device’s data remotely, protecting valuable assets and private information. For more information about keeping your organization’s mobile devices secure, check out our Mobile Security Companion to the CIS Controls. What is an information security policy?Security threats are constantly evolving, and compliance requirements are becoming increasingly complex. Organizations must create a comprehensive information security policy to cover both challenges. An information security policy makes it possible to coordinate and enforce a security program and communicate security measures to third parties and external auditors. To be effective, an information security policy should:
In this article:
The importance of an information security policyInformation security policies can have the following benefits for an organization:
12 Elements of an Information Security PolicyA security policy can be as broad as you want it to be, from everything related to IT security and the security of related physical assets, but enforceable in its full scope. The following list offers some important considerations when developing an information security policy. 1. PurposeFirst state the purpose of the policy, which may be to:
2. AudienceDefine the audience to whom the information security policy applies. You may also specify which audiences are out of the scope of the policy (for example, staff in another business unit which manages security separately may not be in the scope of the policy). 3. Information security objectivesGuide your management team to agree on well-defined objectives for strategy and security. Information security focuses on three main objectives:
4. Authority and access control policy
5. Data classificationThe policy should classify data into categories, which may include “top secret”, “secret”, “confidential”, and “public”. Your objective in classifying data is:
6. Data support and operations
7. Security awareness and behaviorShare IT security policies with your staff. Conduct training sessions to inform employees of your security procedures and mechanisms, including data protection measures, access protection measures, and sensitive data classification.
8. Encryption policyEncryption involves encoding data to keep it inaccessible to or hidden from unauthorized parties. It helps protect data stored at rest and in transit between locations and ensure that sensitive, private, and proprietary data remains private. It can also improve the security of client-server communication. An encryption policy helps organizations define:
9. Data backup policyA data backup policy defines rules and procedures for making backup copies of data. It is an integral component of overall data protection, business continuity, and disaster recovery strategy. Here are key functions of a data backup policy:
10. Responsibilities, rights, and duties of personnelAppoint staff to carry out user access reviews, education, change management, incident management, implementation, and periodic updates of the security policy. Responsibilities should be clearly defined as part of the security policy. 11. System hardening benchmarksThe information security policy should reference security benchmarks the organization will use to harden mission critical systems, such as the Center for Information Security (CIS) benchmarks for Linux, Windows Server, AWS, and Kubernetes. 12. References to regulations and compliance standardsThe information security policy should reference regulations and compliance standards that impact the organization, such as GDPR, CCPA, PCI DSS, SOX, and HIPAA. 9 best practices for successful information security policies
Which criteria should you look for to keep your mobile device secure?Mobile Device Security Best Practices. Enable user authentication.. Always run updates.. Avoid public wifi.. Use a password manager.. Enable remote lock.. Cloud backups.. Use MDM/MAM.. What are the organizational measures for handling mobile devices?All will help reduce risk of loss or harm to your company or organization.. Mobile Devices Need Antimalware Software. ... . Secure Mobile Communications. ... . Require Strong Authentication, Use Password Controls. ... . Control Third-party Software. ... . Create Separate, Secured Mobile Gateways.. What are the 4 main security tips you can use to protect your mobile operating system?Set up Touch ID or Facial Recognition on your device, and back that up with a unique PIN or pattern. Don't download apps from third-party sites. Cybercriminals create “spoof” apps to trick people into downloading malware or spyware onto their device. Only use official apps from Google Play or the App Store.
What are the six steps to secure your mobile device?How to Secure Your Mobile Device in Six Steps. Use strong passwords/biometrics. ... . Ensure public or free Wi-Fi is protected. ... . Utilize VPN. ... . Encrypt your device. ... . Install an Antivirus application. ... . Update to the latest software.. |