Information security experts are fond of the particular language they use to explore and explain the security threats that companies and organizations routinely face. One particularly interesting notion from this lexicon is that of an "attack surface," which identifies a potential point of attack on one's information or financial assets, intellectual property or ability to conduct business.
Because any successful attack brings with it a chance of financial loss, legal or regulatory infractions, or damage to reputation, best practices for dealing with attack surfaces mean limiting exposure to unwanted or uninvited access, hardening them against attack and imposing what's often called "defense in depth." This requires building multiple layers of protection around valuable stuff; if one layer gets breached, the bad guys aren't automatically handed the keys to the treasure vault.
All this makes security for mobile devices both important and vexing. The more that employees and contractors use mobile devices to access organizational systems, applications and data, the more important it is to protect such access. Furthermore, it's essential to prevent the mobile devices that are supposed to boost productivity and add to the bottom line from opening unauthorized means of access to information and other assets; otherwise, they become a danger and a possible drain on revenue instead.
Given that mobile devices are inherently moving targets used outside the organization's perimeter — and thus also outside its firewalls, threat management, spam and content filtering, and other tools used to keep evildoers at bay — it's vital to apply a battery of best practices to use of mobile devices to keep exposure to risk and loss to a minimum. As any security expert will tell you, though, there's a fine line between enough security to keep things safe and protected and a smothering blanket of security that gets between people and the jobs they must do.
Although it's challenging and comes with some costs, the following list of mobile security best practices can help protect mobile devices and their users from unwanted exposure or unauthorized disclosure of company or organization IP, trade secrets or competitive advantages. Some of these practices aim at securing the mobile devices themselves, while others aim to protect the data and applications with which mobile users need to interact. All will help reduce risk of loss or harm to your company or organization.
1. Mobile Devices Need Antimalware Software
A quick look at new malware threats discovered in the wild shows that mobile operating systems such as iOS and (especially) Android are increasingly becoming targets for malware, just as Windows, MacOS, and Linux have been for years. Anybody who wants to use a mobile device to access the Internet should install and update antimalware software for his or her smartphone or tablet. This goes double for anyone who wants to use such a device for work.