Mobile security management
•Download as PPTX, PDF•
0 likes•50 views
Mobile devices are an intrinsic part of doing business today, but they can also be an entry point for security rick for your organization. In this presentation Greystone consultant Tim Sullivan presents tactics and strategies for securing BYOD and company owned mobile devices.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Mobile security management
Similar to Mobile security management (20)
Recently uploaded
Recently uploaded (20)
Mobile security management
- 1. Mobile Security Balancing risk and convenience in an increasingly mobile world
- 2. About Us
- 4. Device Ownership Corporate-owned devices Bring Your Own Device (BYOD)
- 5. Corporate Ownership Increased Control Fewer Privacy Issues
- 6. BYOD Less control = increased risk Cost savings Today's reality
- 7. Where are the Risks?
- 8. What is the biggest security risk for mobile devices?
- 10. What Can You Do?
- 11. BYOD Devices Implement a BYOD policy Educate Don’t reinvent the wheel
- 12. Protect your e-mail Email is most common exposure Outlook app vs. built-in mail app Integrate fingerprint security
- 13. Control Access Password/PIN protect access Enforce device encryption Ability to delete corporate data
- 14. Corporate Devices Protect, control & track corporate asset Advanced MDM tools Mobile security software
- 15. Don’t stop securing Threats evolve Security tools evolve Technology evolves
- 16. Additional Resources • Deck with notes • BYOD policy template • Outlook client with fingerprint security access installation instructions
Editor's Notes
- Greystone Technology is a technology services company with offices in Denver, Boulder, and Ft. Collins. Greystone offers fully outsourced IT services, supplemental IT services to support internal IT staff, IT project services,and Wordpress and digital marketing services. Greystone is 16 years old and has 85 employees working along the front range. About the Speaker: Tim Sullivan is a Business Technology Advisor at Greystone. Tim manages consulting teams and works with clients on strategic insights and planning, making sure that businesses leverage technology to create solutions that are effective and efficient. On every engagement, Tim underscores the need for an emphasis on security.
- Use of mobile in the workplace: We all carry at least one mobile device with us everyday, many of us have more than one. The reality is, whether they are officially allowed to or not, people are using that mobile device for work. They get their work email on their phones and access company data on their mobile device. And as convenient and necessary as they are, these devices introduce risk.
- How many of you require your employees have a mobile device for work? How many of you issue a company-owned mobile device to employees? How many of you allow employees to use their own mobile devices for work. Mobile device ownership is a tricky situation. On one hand, companies want their employees to work in the most efficient way possible. In most cases this includes working while out of the office which requires a mobile device. On the other hand, companies want control over their data, which usually means providing the necessary equipment for employees to do their job effectively. A company is able to have some control over corporate-owned devices, but not so much on personal phones with corporate data. How do companies balance the need for flexibility with the security risk and cost of ownership?
- When a company owns the device, they can implement tight controls over the use and protection of the device. There are fewer, if any, employee privacy issues since the device is owned by the company and the service is provided by the company. The drawback is this requires a heavy up-front investment in equipment and ongoing cost of managing and maintaining the devices.
- Allowing employees to bring their own device for work (BYOD) is also a balancing act. On one hand, it is easier and less expensive to allow BYOD. But there is increased risk because there is less control. Because of privacy issues, companies cannot control these phones to the degree they can with corporate owned devices. The reality is a company should assume employees are going to use their own mobile devices, either phones, tablets, or both, to get work done unless they are strictly forbidden to do so. Companies need to have safeguards in place.
- Risks include, but are not limited to: Malware WiFi hackers Introducing malware to corporate network Kids Loss/theft of device
- Think through all the ways a mobile device can be compromised. Virus Bluetooth or Wi-Fi hacks Lost or stolen devices Employee data theft
- Loss or theft of devices is the most common risk encountered. Remember the story of the CEO that Tim worked for who initially did not want to invest the time thinking through security for their phones? While he was involved in legal proceedings, he left his phone with some very sensitive data in a taxi. When he asked Tim what he could do to help him, it was already too late. Luckily, he was able to get his phone back. However there was still the risk that people accessed sensitive data.
- Implement a BYOD Policy: WHO can access WHAT corporate data on BYOD Required security measures What devices are allowed Privacy expectation & control Device reset and data deletion in case of loss/theft
- Most corporate data on employees mobile devices is in the form of email. Using the Microsoft Outlook app can increase security by keeping control over email even when it is on the device and requiring a PIN, password, or fingerprint password to access the email.
- At a minimum, every device should require a PIN, password, or fingerprint to access the device. The device should be set to auto-lock after five minutes. All devices should enable encryption (default state for Apple devices). Employees also need to grant the company the right to delete corporate data off the device at any time.
- Companies with corporate-owned devices typically employ more advanced Mobile Device Management software to protect, control, and track their “assets”. They may also install security software to protect against hacking and malware. MDM software can also ensure that devices are up-to-date with their security updates and the core operating system has not been modified.
- There is no autopilot for security. Threats, security, and technology are constantly evolving and it's important to stay up to date on the latest in each of those categories with quarterly or bi-annual reviews.
- Have any questions? Reach out to us and we are more than happy to answer them for you.