Does your organization prioritize mobile security? According to recent news, even the U.S. Department of Defense (DOD) is concerned about mobile security and the ability to securely transfer information between mobile devices. This is no small task for the DOD: according to the American Forces Press Service, the DOD has over 600,000 commercial mobile devices in use. That includes 470,000 BlackBerries, 41,000 iPhones and 8,700 Android devices.
How is the Department of Defense going to secure all of these mobile devices? Simple: with a well thought-out plan, complete with objectives and goals.
The Department is looking to roll out top-secret and unclassified mobile devices throughout this year and the next while establishing its own device management capability. The DOD is also looking into Public Key Infrastructure, a method of authentication, in conjunction with other digital signature services.
Robert Carey, DOD Chief Information Officer, shares on the matter, “It’s an exciting time for the mobile space, and I will tell you as we march into it and into choices and … into smart phone utilization in the DOD, it is not without the requisite security…Many an industry and federal agency are leaping into it a little faster than the security apparatus is willing to catch up with, but we are not. We are trying to leap in it with the security apparatus attached.”
We’ve discussed the importance of mobile security many times on the blog, but this news presents itself as a good opportunity for a refresher. Here are a few key points you should consider when laying out your mobile security plan:
1. Have a Plan for When Mobile Devices Get Lost or Stolen
In the event one of your company phones gets lost or stolen or finds some other route to the black market, it’s important to have a contingency plan in place. Make sure your employees use a password for their devices, and be sure that all phones are equipped with security software such as McAfee Mobile Security, which can easily locate, lock and remotely wipe the data on a potentially compromised phone. Larger organizations can check out McAfee Enterprise Mobility Management, which aids IT managers in simply adding/deleting users from corporate network resources while enforcing their security policy.
2. Educate Employees on Basic Security Practices
Don’t place passwords on post-it notes. Don’t talk about sensitive projects or programs in a cafe. Don’t assume that an unsecured Wi-Fi network is a safe place to log in. Always use a different password for different accounts. Give your team the tools they need to maintain unique and secure passwords.
3. Avoid Risky Apps
It may be disappointing to hear, but company property isn’t a suitable device for you to play TempleRun. Refrain from downloading unnecessary apps on your mobile device, especially if they’re free and can access your contacts. Android devices are particularly at risk, as recent studies and news reports show that many Android apps are listed as “suspicious” and malware is, unfortunately, common on the platform. Apple’s App Store has a more strict app vetting process, so it appears to be more secure, but it’s only a matter of time until some form of malware sneaks through.
As the workforce becomes increasingly digitized, secured mobile devices will become all the more important. Now is the time for your company to lay out its mobile security plan. Having the right software, practices, and education about mobile security are important first-steps, but it’s not all. Remember: there’s always room for improvement. If the DOD can lay out a strategy for over 600,000 mobile devices, so can you!