Gold Lock 3G Encryption Mobile Information Security Best Practices Primer
Summary The purpose of this Gold Nugget is to outline the basics of Mobile Information Security (MIS). It should be noted from the start that all the encryption, anti-malware, and company policy will not prevent 100% of information loss. These practices are based on the honest efforts off employees to protect their company's sensitive information. Intentional release of information is difficult, if not impossible, to prevent especially on mobile devices.
Training and Policy A clear understanding of your company's MIS policies will help prevent accidental information loss and also provide a frame work for investigating information loss. Resources: www.cissp.com www.auerbach-publications.com
Passwords The cell phone should be password protected if that feature is available. The password should block all access the device until a valid password is enabled. The password used should be as strong a password as technologically possible. Guidance on creating strong passwords can be found here
Reporting Compromised Devices In the event your device is lost, stolen, misplaced, is suspected to be such, it should be reported to your IT department. Recovered devices should be taken to your IT department a cell phone dealer immediately for more information on checking for and removing spyware.
Storing Information Sensitive or restricted data should never be stored on a cell phone, unless it can be encrypted. Keep in mind that encryption is no good if strong passwords are not effectively put into place and used.
Transmission Security/Encryption Where possible, data transmissions from a cell phone should be encrypted. Hackers and corrupt carrier employees are able to intercept your conversations while in transit between devices and use/sell the information they steal. Encrypting your transmissions keeps the information from being useful as easily. The stronger encryption the less useful the information because of the effort to decrypt. Gold Lock 3G has the most robust encryption on the market, and is compatible with the most devices and networks . www.gold-lock.com
Wireless Access/Bluetooth Wireless access, such as Ethernet, Bluetooth, etc., to the cell phone should be disabled when not in use to prevent unauthorized wireless access to the device. These should never be used when speaking about sensitive topics over your mobile device. It defeats the purpose of encrypting transmissions from the cell phone. Interception happens at the un-encrypted Bluetooth transmission and not the encrypted transmission from the phone
Wireless Access/Bluetooth In general, keep your wireless connection on hidden mode unless you specifically need to be visible to others. Wireless access should be configured to query the user for confirmation before connecting to wireless networks. For example, when Bluetooth is on, select the “check with me before connecting” option to prevent automatic connections with other devices.
Malware Malware comes in the form of spyware on mobile devices (smart phones in particular). Spyware can be installed with or without physical access to the device. Exercise caution when accepting applications sent via wireless or opening SMS attachments as they may include software harmful to your cell phone.
Device behaves as a bug. Can see and hear surrounding conversations. </li></ul></ul>
Anti-Malware Just as with PCs, smart phones have anti-malware software available. This software prevents and detects malware on your smart phone keeping conversations secure when using or around it. When joined with a strong transmission encryption software, like Gold Lock, your conversations are more secured from your microphone to the receiver's speaker. The Sigillu Total Security Phone provides this complete security and more.
Conclusion This has been a short presentation to educate you on the general aspects of Mobile Information Security and alert you as to vulnerabilities of mobile devices. For more information please contact us at: [email_address] 954-376-5715 Ext 101 – Dealer Sales Ext 103 – End User Sales