MOBILE SECURITY JOB AID
Security guidelines for employees who use personal and corporate-owned mobile devices
INTRODUCTION
• In today's business and information world, most organizations have moved from the desire to work harder to the desire to work smarter. While there are many job automation tools and procedures, developing a job aid is the fastest way to achieve performance turnover.
• A job aid is therefore a repository of information, processes and procedures gathered from experts, rather than from the employee, to assist the employee's memory and help execute the task accurately and effectively.
MOBILE SECURITY
• As enterprises become increasingly mobile, there is a new need to balance mobile connectivity with the security of corporate data.
• Changing technology and the portability of mobile devices have forced NC organization to rely heavily on the devices in the possession of its employees for various personal and business-related activities, such as surfing the web, video calling, sharing files, messaging and mobile financial transactions, among others.
• Mobile devices are more vulnerable to physical attacks because of their portability, and to online attacks such as malware, phishing and viruses. The web has become the major avenue for attackers.
• However, all is not lost. There are some practical steps that help the employee maintain both physical and digital security, or minimize exposure, for the good of the company's corporate data.
PHYSICAL SECURITY FOR MOBILE DEVICES
Mobile devices like smartphones, tablets and small computers run programs and store documents for the company, so a lost or stolen device can result in a big security problem (Fennelly, 2016). The company may lose vital information or give unauthorized people access to email correspondence, address books or financial data. The following guidelines are very important:
• Never leave your smartphone unattended, even for a minute.
• Use 'open' wireless networks cautiously, because robbers monitor these devices in public places like airports.
• Use passwords for your device and for confidential information, because no one wishes confidential information to land in the hands of a thief.
• Regularly review and discard data on your device that will not be involved in the current activity.
• If you use email messaging, use devices that support TLS/SSL security protection for wireless VPN protection.
DATA AND INFORMATION SECURITY
To protect data and information, consider implementing the following regulations.
• Physically encrypt all mobile devices to prevent malicious parties from accessing stored data. Most devices such as mobile phones use SIM cards, which are well encrypted even if the device is physically damaged. Encryption is stronger than personalized passwords because it cannot be broken using specialized software (Peltier, 2016).
• Strong passwords are important: use passwords made of alphanumeric and special characters, long enough to minimize the chance of guessing.
• Have a plan for lost devices; specifically, install software that can remotely wipe data.
• Segregate business data that is downloaded or stored on personal devices.
• Maintain control of settings by ensuring that the employee cannot modify key settings or install applications that can modify business data.
• Do not text sensitive data, because in most cases it is not encrypted and hence is easily intercepted.
COMPLY WITH ORGANIZATIONAL STANDARDS
Established control procedures
• Establish and maintain shutdown procedures.
• Configure the settings of the system registry and the system objects (for Windows OS only).
• Establish and maintain specific directory installation rules and domain controller installation rules.
• Enable historical logging on the Intrusion Detection System and Intrusion Prevention System.
• Configure virtual networks in accordance with the information security policy.
GUIDELINES FOR SETTING FILE ENCRYPTION
1. Create a new endpoint encryption policy for the device.
2. Make sure the file encryption rules appear and select the end key (use a unique key for each policy), so that only endpoint encryption users can access the files on the device.
3. Under folders to encrypt, specify the folders that are automatically encrypted on the endpoint when the encryption agent synchronizes endpoints.
4. Select the encryption key. For a user key, use a unique key for each endpoint encryption user; for an enterprise key, use any endpoint encryption user.
5. Under storage, use the following options (Carlisle & Tregub, 2015):
• Select 'disable optical drives' to control whether removable media is accessible from the endpoint.
• Select 'disable USB drives' to control when USB drives are disabled.
• Select 'encrypt all files and folders on USB devices' to automatically encrypt all files.
6. Under notifications, select 'show legal notice' to show the specific legal message after the encryption agent is installed.
BASIC SYNCHRONIZATION PROCEDURES
• The application user initiates the process. The data that has changed since the last synchronization is prepared to be sent to the server through compression and encryption (Borghei, 2016).
• After preparation, a connection to the synchronization server is established. The client authenticates with the server, and the data packets are sent over the communication network to the server.
• The server receives the data to be synchronized and uses logic to determine whether the data needs to be transformed before being sent to the data source.
• The synchronization server authenticates the user against the enterprise data source before it starts the data transfer using the enterprise adapter.
• Conflicts in the data being updated are detected and an action is taken.
• Relevant changes made on the server since the last synchronization are applied before the data is sent back to the device application. Additional security and encryption are required.
• The data is sent to the client application and updated in the mobile data store.
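The device-to-server half of this flow, as an added Python example that is not part of the original slides: the device selects records changed since the last synchronization, compresses them and attaches an authentication tag, and the server verifies the tag before applying changes and flagging conflicts. The record layout, the per-device key and the "keep the server copy" conflict action are assumptions made for illustration, and encryption in transit is assumed to be provided by the TLS channel rather than shown here.

```python
import hashlib, hmac, json, zlib

# Assumption: a per-device secret provisioned at enrollment (constructed value).
DEVICE_KEY = b"constructed-demo-key"

def prepare_delta(store, last_sync, key=DEVICE_KEY):
    """Device side: pick records changed since last_sync, compress, and tag them."""
    changed = {k: r for k, r in store.items() if r["modified"] > last_sync}
    body = zlib.compress(json.dumps(changed, sort_keys=True).encode())
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def server_apply(server_store, packet, key=DEVICE_KEY):
    """Server side: authenticate the packet, then apply it with conflict detection."""
    expected = hmac.new(key, packet["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, packet["tag"]):
        raise PermissionError("sync packet failed authentication")
    applied, conflicts = [], []
    for rec_id, rec in json.loads(zlib.decompress(packet["body"])).items():
        current = server_store.get(rec_id)
        if current is not None and current["version"] != rec["base_version"]:
            conflicts.append(rec_id)  # server copy changed since the device last synced
            continue                  # action taken here: keep the server copy
        server_store[rec_id] = {"value": rec["value"],
                                "version": rec["base_version"] + 1}
        applied.append(rec_id)
    return applied, conflicts

# Constructed sample data: "modified" is a timestamp, "base_version" is the
# server version the device last saw for that record.
DEVICE = {
    "contact:1": {"value": "Alice", "base_version": 1, "modified": 120},
    "contact:2": {"value": "Bob", "base_version": 1, "modified": 130},
    "contact:3": {"value": "Carol", "base_version": 1, "modified": 50},
}
SERVER = {
    "contact:1": {"value": "Al", "version": 1},
    "contact:2": {"value": "Robert", "version": 2},  # edited on the server meanwhile
    "contact:3": {"value": "Carol", "version": 1},
}

if __name__ == "__main__":
    print(server_apply(SERVER, prepare_delta(DEVICE, last_sync=100)))
```
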
SURVIVAL STEPS WHEN THE MOBILE DEVICE
GETS LOST
Again, there are three things to remember before the device gets lost.
• Install the mobile app provided by the mobile carrier to be able to locate the device online.
• Use a password.
• Make sure your device knows you by setting emergency contact information. E.g. for Android: Settings>Security>Owner Info and iOS
There are several steps:
1. Call your device, or use the mobile app from another device to trigger an alert.
2. Use the mobile app functionality to locate the device.
3. Text the device, so that if the text message appears on the screen a good Samaritan can easily get to you.
4. With automatic cloud backup on the device, back up the data and wipe it immediately. This is a sure way to ensure the security of the data.
5. Lock your device using the wireless mobile carrier app from any location.
6. Contact the carrier to disable all services on your phone.
7. Alert the police to get a legal report in order to protest fraudulent charges and so that they take responsibility for tracking device thefts.
REFERENCES
• Fennelly, L. (2016). Effective physical security. Butterworth-Heinemann.
• Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
• Jueneman, R. R., Linsenbardt, D. J., Young, J. N., Carlisle, W. R., & Tregub, B. G. (2015). U.S. Patent No. 9,049,010. Washington, DC: U.S. Patent and Trademark Office.
• Backholm, A., & Liang, S. (2014). U.S. Patent No. 8,787,947. Washington, DC: U.S. Patent and Trademark Office.
• Borghei, H. (2016). U.S. Patent No. 9,258,715. Washington, DC: U.S. Patent and Trademark Office.
