The issue of mobile device security is huge, complex and very important. And, according to a new study by Verizon, the problem may even be worse than thought.
Last week, I wrote about securing endpoints. The upshot is that there are different thoughts on how best to tackle the job. A survey reported upon yesterday by Dark Reading makes the importance of meeting this challenge even more urgent. The 2015 Verizon Data Breach Investigation Report found that the average cost to an organization of an infected device is $9,485.
In other words, the problem is not theoretic. It is real and problems are occurring.
The commentary in the story painted a scary picture. For instance, the survey suggested that employees have access to more sensitive data than IT departments say they do. Two-thirds of the 588 security professionals queried said that it is probable or certain that their organization had been breached through employees’ mobile devices.
The federal government knows the risks. Indeed, it is a bit of a quandary: The government can’t afford to be left behind in the age of mobility but, at the same time, can’t put highly sensitive data at risk or make back-end systems vulnerable.
FedTech discusses some of the options, such as the common access card (CAC). This approach requires that a card be plugged into a receptor device before access is granted to sensitive data. It may be secure, but seems a bit counter to the major benefit of mobility, which is easier access from more places.
The piece also discusses enterprise mobility management (EMM), The Federal Information Processing Standard (FIPS) security and other options. The bottom line is that there are ways to secure mobile devices. Implementing them, however, requires initiative and budget.
There are more than technical solutions. Chris Pyle, the president and CEO of Champion Solutions Group, lays out mostly non-technical steps that can be implemented at FierceMobileIT. They include implementing a formal bring your own device (BYOD) policy; requiring a password for mobile device access; making sure that passwords are strong; controlling access through limiting login attempts and inactivity; restricting password use and requiring changes.
Pyle’s post, and the survey upon which it was based, was aimed at small- and medium-sized businesses. It is clear that he has the right idea. The specific steps all seem good. The more important realization is that meeting the challenge lies with people – both administrators and users – and not technology alone.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.