A presentation on the challenges of secure mobile working and what to do about them, for Infosec 2007. The data may be getting long in the tooth but the points are still valid today.
1. Best practice security for the mobile enterprise: A review of the challenges and approaches. Jon Collins, Service Director, Freeform Dynamics Ltd, [email_address], July 2007, www.freeformdynamics.com
4. Do you permit employees to access your systems from any of the following?
5. How prominent are the following threats to IT security? A net increase is expected in the level of threat across the board.
7. FREQUENTLY OVERLOOKED OR ILL-CONSIDERED RISKS
Inadvertent publishing
- Handheld devices: Careless mobile phone conversations allowing eavesdropping by those within earshot in public places
- Notebook PCs: Displaying confidential data on planes, trains and in other places where people can look over your shoulder
- Public/home terminals: Displaying confidential data in internet cafes and other places where people can look over your shoulder
Electronic snooping/theft
- Handheld devices: Leaving a Bluetooth device in discoverable mode, risking hijacking or theft of on-board data
- Notebook PCs: Connecting to unknown or insecure WiFi networks or irresponsible use of ad hoc WiFi networks
- Public/home terminals: Use of insecure connections from public terminals or saving data/login information on home/public PCs
Physical loss or theft
- Handheld devices: Pickpocketing, snatching, burglary, leaving devices on public transport, client sites, in public places
- Notebook PCs: Snatching, theft from car, theft from desk, burglary, leaving PC on public transport, client sites, in public places
- Public/home terminals: Burglary, loss or theft of removable storage devices (USB keys, SD cards) used to move data between PCs
8. How easy is it to control the security risk arising from the proliferation of confidential data across workgroup servers, PCs, mobile devices, remote sites, etc.? Just the way in which technology use grows organically in a distributed manner represents a threat to security in itself.
9. How prominent is the risk from security breaches or exposures via employees acting carelessly or deliberately? Larger organisations in general are more concerned about the threat from employees, reflecting the “depersonalised” corporate culture.
10. Have concerns of risk exposure specifically held you back from taking full advantage of any of the following? The opportunity cost associated with risk-related concerns is clear.
11. Considering IT security measures, what is the status of your capability in the following areas?
12. KEYS TO SECURE MOBILE WORKING
- RIGHT SUPPLIERS: Try to select vendors who understand your type of business and are willing to provide help and advice
- RIGHT TECHNOLOGY: Ensure that selected technologies are securable as well as functional
- SMART DEPLOYMENT: Implement technology in a controlled and structured manner and strive for consistency wherever possible
- SMART USE: Ensure that users are properly trained, appreciate the risks and know how to deal with them
14. How would you rate your employees' attitude towards mobile data security? There’s no substitute for proactive training when it comes to security.
15. Thank You