McKonly & Asbury, LLP, profile picture
Uploaded byMcKonly & Asbury, LLP
PPTX, PDF665 views

Outside the Office: Mobile Security

This document discusses mobile security best practices for organizations. It covers the risks of mobile device use including data breaches from lost or stolen devices or malware. It provides tips for securing smartphones like using passwords and downloading apps only from official stores. Technologies for securing mobile users like VPNs and mobile device management are presented. The importance of employee security training and having proper policies for BYOD are emphasized.

Embed presentation

Downloaded 15 times
Cybersecurity Frameworks and You The Perfect Match
Building Successful Employee Relationships A Cornerstone to Fraud Prevention and Risk Management
Building Successful Employee Relationships A Cornerstone to Fraud Prevention and Risk Management
Mobile Security Outside the Office
Introductions Tyler Wenger • Helpdesk Technician • Marketing Consultant • Microsoft Technology Associate (MTA) David Hammarberg • Principal of Forensic Accounting • Certified Fraud Examiner (CFE) • Director of Information Technology • CPA, MCSE, CISSP, CISA • 16+ years of experience
Today’s Objective • To better understand mobile technologies, the threats that exist within a mobile / remote environment, how to avoid and thwart those threats, and to understand your role within mobile security.
Why Is This Important? • Usage • Time • Accessibility • Money • Constantly Changing • Data! Data! Data!
Takes Two To Be Secure • Proper Security measures need to be put in place by the IT department to keep mobile users secure. • Proper employee security training needs to be place.
Agenda • An overview of the smartphone / tablet industry • An understanding of what mobile technologies are being used by small to medium size organizations • An understanding of the increased risk of mobile technology • An understanding of mitigation strategies for risks associated with mobile technologies. What is your mobility strategy? • Living in a mobile world: practical steps and real questions
Mobile Technology • Smart Phones • Tablets • Laptops • Watches • BYOD
Smartphone Statistics • Research estimates more than six billion smartphone users by 2020 • Over 50% of smartphone users grab their smartphone immediately after waking up • 84% of mobile users utilize the same smartphone for business and personal use • Mobile email opens have grown by 180% in the last three years • Mobile will likely account for 50% of all digital ad spend in 2016 (worth $100B) Data from https://www.impactbnd.com/blog/mobile-marketing-statistics-for-2016 and https://www.sophos.com/en- us/security-news-trends/security-trends/malware-goes-mobile.aspx
Smartphones • All-In-One Devices • Super Computers • Limitless Mobility • Size • Physical security • Unique Operating Systems (OS) • Apple (iOS) • Android • Windows • Mobile Fragmentation • Susceptible to attacks • App Based, web-based, or SMS/Text Message-based
Apple vs. Android • Android • Global popularity and open approach • Open source vs proprietary • Lack of control of its potential integrations • Apple • Control the entire ecosystem • Software, hardware, firmware • App Transport Security (ATS) • Secures user data sent via Apps • "The majority of enterprises still feel it is easier for them to secure their enterprise data on the iOS platform.” - Mobile Analyst Dionisio Zumerle
7 Tips for Smartphone Security 1. Use a PIN or Password 2. Download Apps only from trusted stores • Apple App Store • Google Play Store 3. Keep your Operating System and Apps Update 4. Log Out of sites / apps after completing transactions 5. Turn off Wi-Fi and Bluetooth when not in use 6. Backup your data 7. Avoid giving out personal information
Secure Technology Options for Mobile Users • Citrix • VPN – Company to User • Cloud based – Connection to the Cloud Server • MDM – Mobile Device management Solutions
What Are The Risks? • Data breach caused by: • Unsecure connections • Lost or stolen mobile devices • Unauthorized users • Compromised devices connecting to the network • Malware incident
Three Most Common Mobile Security Breaches 1. Device loss / Theft • Theft of all pertinent data • Expensive international calls • In app purchases 2. Malware • Spam email contacts • Infect other devices • Harvest Passwords (secure password products?) 3. Unsecured Networks • Rogue Wi-Fi Networks • Tricks people into joining wrong network at airports, stations, or coffee shops • More common in Asia than in US / Europe
Real Life Examples • Mobile phishing and ransomware • Using an infected mobile device to infiltrate nearby devices • Cross-platform banking attacks • Cryptocurrency mining attacks
Mobility Driving Business and IT Change • Forcing organizations to have BYOD policy and plan; provide employee device choice • Anytime, anywhere, any device access now standard • Heightened importance of social business interactions • Need to factor in considerations across the business not just IT- HR, Legal, Security, Finance, Telco Plans.
Mobile Security and Management • Protection of privacy and confidential information • Policies for client-owned smartphones and tablets • Visibility, security & management of mobile platform requirements
Mobile Strategy Helps You Make The Right Choice 1. Understand current state and strategic direction. 2. Understand user profiles and their security requirements 3. Analyze gaps 4. Define recommendations and solution outline 5. Build road map
Key Areas You Need to Address • Devices: Which device types and form factors should be supported and do I have a need for special types of devices? • Governance: What are the policies, guidelines and programs for mobile users and bring-your-own devices? (BYOD) • Support: What is the best way to support my users? • Mobile Applications: What mobile applications do I have today and what is the best way to roll out additional applications in the future? • IT Infrastructure: What tools do I need in place to allow me to effectively manage my mobile devices? • Network: What type of network access will my users require? Cellular Carrier? Corporate Wi-Fi? • Security: What security policies should be in place to ensure the safety of my corporate assets?
Bring Your Own Device (BYOD) - Policy • What are you trying to achieve? • Define, document and publish your "Bring Your Own Device" (BYOD) Policy • You need input from a number of departmental functions: • IT • HR • Legal • Security • Finance • Your network carrier(s) • Entitlement • Which employees are eligible for business devices (Corporate liable)? • Which employees bring their own? • What data, functions, applications will be accessed? • Which devices will you support?
Mobile Device Management (MDM) • Advanced mobile device management (MDM) functions are designed to enhance security and usability of mobile devices • Software that secures, monitors, manages and supports mobile devices • Over-the-air distribution of applications, data and configuration settings • Supports company-owned and employee-owned devices
Dual Factor Authentication • Requires multiple factors for authentication • Uses multiple combinations of the following… • Something you know (username, password, PIN, etc.) • Something you have (smartphone, Token Device, key fab, etc.) • Something you are (fingerprint, retinal scan, voice recognition, etc.) • Requires an extra step, but “an ounce of prevention is worth a pound of cure.”
Dual Factor Vendors • Duo Security • RSA SecurID - Tokens
Security Awareness • Employees are the largest risk to the organization. • Employees can circumvent the best security policies. • What is your organization doing to train your employees?
Mobile Threats: They Are Real
Mobile Threats: They Are Real
How Do I Know If My Device Is Infected? • Decreased performance • Slow operation and function • Poor battery life • Device gets exceptionally hot for no reason • Device turns on by itself • Applications open / close on their own • Downloaded items/apps without your permission • Phone log shows calls you didn’t make • Emails sent to unknown addresses
My Device Is Lost / Stolen! Now What? • Ensure that you cannot find it • Notify your organization’s IT Department • Wipe the phone remotely via iCloud or other remote solutions • Contact Law Enforcement
Simple Steps to Mobile Security • Physical security – Know where your device is at! • Use strong username and password controls • Alphanumeric codes may be the best option • Keep Operating System and Apps up-to-date • Equip your device with Anti-malware software • Turn Wi-Fi off when in public settings • Do Not automatically join networks • Wireless Hotspot for Laptops • Encrypt your device • Think when opening emails (social engineering) • Set device to wipe contents after specified number of failed login attempts
Questions? Tyler Wenger • Helpdesk Technician • Marketing Consultant • Microsoft Technology Associate (MTA) • TWenger@macpas.com David Hammarberg • Principal of Forensic Accounting • Certified Fraud Examiner (CFE) • Director of Information Technology • CPA, MCSE, CISSP, CISA • DHammarberg@macpas.com
Building Successful Employee Relationships A Cornerstone to Fraud Prevention and Risk Management
Questions? • Documents: • https://www.nist.gov/cyberframework • NIST Cybersecurity Framework website • http://energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf • Maturity model • https://www.sans.org/media/critical-security-controls/critical-controls- poster-2016.pdf • SANS Top 20 Critical Security Controls
Questions? Tyler Wenger • Helpdesk Technician • Marketing Consultant • Microsoft Technology Associate (MTA) • TWenger@macpas.com David Hammarberg • Principal of Forensic Accounting • Certified Fraud Examiner (CFE) • Director of Information Technology • CPA, MCSE, CISSP, CISA • DHammarberg@macpas.com

More Related Content

PDF
5 Ways to Protect your Mobile Security
byLookout
 
PDF
Mobile Security at the World Cup
byLookout
 
PDF
Mobile Security: The 5 Questions Modern Organizations Are Asking
byLookout
 
PPTX
Mobile Security - 2015 Wrap-up and 2016 Predictions
bySkycure
 
PPTX
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
byCraig Walker, CISSP
 
PDF
2015 Cybersecurity Predictions
byLookout
 
PDF
Relentless Mobile Threats to Avoid
byLookout
 
PDF
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
byPing Identity
 
5 Ways to Protect your Mobile Security
byLookout
 
Mobile Security at the World Cup
byLookout
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
byLookout
 
Mobile Security - 2015 Wrap-up and 2016 Predictions
bySkycure
 
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
byCraig Walker, CISSP
 
2015 Cybersecurity Predictions
byLookout
 
Relentless Mobile Threats to Avoid
byLookout
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
byPing Identity
 

What's hot

PDF
Article on Mobile Security
byTharaka Mahadewa
 
PDF
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
byUnited Technology Group (UTG)
 
PPTX
Dos and Don'ts of Internet Security
byQuick Heal Technologies Ltd.
 
PDF
Smart Bombs: Mobile Vulnerability and Exploitation
byTom Eston
 
PPTX
ICT and end user security awareness slides
byjubke
 
PPTX
IT Security DOs and DON'Ts
bySophos
 
PDF
Managing Mobile Business Insecurities
byPing Identity
 
PDF
Evolutionand impactofhiddenmobilethreats wandera
byAnjoum .
 
PPTX
User's Guide to Online Privacy
bycdunk12
 
PDF
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
PPSX
West Chester Tech Blog - Training Class - Session 10
byWilliam Mann
 
PPTX
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
PDF
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
byRaleigh ISSA
 
PDF
Trojan horseofbyod2
byStephanie Vanroelen
 
PDF
iOS and Android security: Differences you need to know
byNowSecure
 
PDF
10 things you should know about cybersecurity
byUnited Technology Group (UTG)
 
PDF
Mobile Hacking
byNovizul Evendi
 
PDF
Why Your Mobile Device Isn’t As Secure As You Think
byBlue Coat
 
PDF
Spring Cleaning for Your Smartphone
byLookout
 
PDF
How to (Safely) Cut the Cord With Your Old iPhone
byLookout
 
Article on Mobile Security
byTharaka Mahadewa
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
byUnited Technology Group (UTG)
 
Dos and Don'ts of Internet Security
byQuick Heal Technologies Ltd.
 
Smart Bombs: Mobile Vulnerability and Exploitation
byTom Eston
 
ICT and end user security awareness slides
byjubke
 
IT Security DOs and DON'Ts
bySophos
 
Managing Mobile Business Insecurities
byPing Identity
 
Evolutionand impactofhiddenmobilethreats wandera
byAnjoum .
 
User's Guide to Online Privacy
bycdunk12
 
Malware on Smartphones and Tablets - The Inconvenient Truth
byAGILLY
 
West Chester Tech Blog - Training Class - Session 10
byWilliam Mann
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
bycentralohioissa
 
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
byRaleigh ISSA
 
Trojan horseofbyod2
byStephanie Vanroelen
 
iOS and Android security: Differences you need to know
byNowSecure
 
10 things you should know about cybersecurity
byUnited Technology Group (UTG)
 
Mobile Hacking
byNovizul Evendi
 
Why Your Mobile Device Isn’t As Secure As You Think
byBlue Coat
 
Spring Cleaning for Your Smartphone
byLookout
 
How to (Safely) Cut the Cord With Your Old iPhone
byLookout
 

Viewers also liked

PDF
Mobile Security
byXavier Mertens
 
PDF
Mobile Security 101
byLookout
 
PPTX
Mobile Security
byKevin Lee
 
PDF
Mobile Security
byMarketingArrowECS_CZ
 
PDF
Fingraph service guide_v0.1a_20120905
bysyk1975
 
PDF
할인정보를 제공해 돈을 버는 비즈니스 - SALEr 사업계획서
by@hongss
 
PPTX
Gsm security and encryption
byRK Nayak
 
PPT
어른을 위한 영어 말하기
bySeyoung Choi
 
PDF
기브앤테이크(Give and Take)
by현진 최
 
PPTX
프로 세일즈맨의 커뮤니케이션 스킬은 따로 있다
bySP&S 컨설팅
 
PDF
2010: Mobile Security - Intense overview
byFabio Pietrosanti
 
PPTX
Mobile security
byBasant Kumar
 
PPTX
DreamSquare Pitch Deck
byidreamsquare
 
PDF
김경옥 한국플랜트수출현황과 무역보험의 역할
byKyoungOk Kim
 
PDF
취업성공을 위한 연애의 기술
byKenneth KIM
 
PPTX
R과 기초통계 : 01.자료다루기
byYoonwhan Lee
 
PDF
시간, 공간 그리고 미디어
bySK Telecom
 
PPT
Lcd
byguest1fc237d5
 
PPTX
Road to spring 2
by소현 김
 
PDF
저축식당 2
byOhyoon Kwon
 
Mobile Security
byXavier Mertens
 
Mobile Security 101
byLookout
 
Mobile Security
byKevin Lee
 
Mobile Security
byMarketingArrowECS_CZ
 
Fingraph service guide_v0.1a_20120905
bysyk1975
 
할인정보를 제공해 돈을 버는 비즈니스 - SALEr 사업계획서
by@hongss
 
Gsm security and encryption
byRK Nayak
 
어른을 위한 영어 말하기
bySeyoung Choi
 
기브앤테이크(Give and Take)
by현진 최
 
프로 세일즈맨의 커뮤니케이션 스킬은 따로 있다
bySP&S 컨설팅
 
2010: Mobile Security - Intense overview
byFabio Pietrosanti
 
Mobile security
byBasant Kumar
 
DreamSquare Pitch Deck
byidreamsquare
 
김경옥 한국플랜트수출현황과 무역보험의 역할
byKyoungOk Kim
 
취업성공을 위한 연애의 기술
byKenneth KIM
 
R과 기초통계 : 01.자료다루기
byYoonwhan Lee
 
시간, 공간 그리고 미디어
bySK Telecom
 
Lcd
byguest1fc237d5
 
Road to spring 2
by소현 김
 
저축식당 2
byOhyoon Kwon
 

Similar to Outside the Office: Mobile Security

PDF
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
bykostikjaylonshaewe47
 
PPTX
Why Mobile Security is the Next Frontier in Cybersecurity
bywininlifeacademy5
 
PDF
Securing mobile devices 1
byKamaljeet Singh Matharu (Kam)
 
PPTX
CS_UNIT 2(P3).pptx
byGaytriDhingra1
 
PDF
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
bySoftware Park Thailand
 
PDF
BYOD: Device Control in the Wild, Wild, West
byJay McLaughlin
 
PDF
Building a Mobile Security Model
bytmbainjr131
 
PDF
ISACA CACS 2012 - Mobile Device Security and Privacy
byMichael Davis
 
PPTX
Ms810 assignment viruses and malware affecting moblie devices
byrebelreg
 
PDF
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
byDMI
 
PDF
3 steps security
bybrightfire-slides
 
PPTX
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
byCamilo Fandiño Gómez
 
PPTX
iPads on your network? Take Control with Unified Policy and Management
byCisco Mobility
 
PPT
Secure Mobile Working 1.0
byJon Collins
 
PDF
Security and risk in a mobile world
byBrian Katz
 
PDF
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
bySelectedPresentations
 
PPTX
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
byCA API Management
 
PPT
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
byIBM Danmark
 
PDF
Andrew Jaquith SOURCE Boston 2011
bySource Conference
 
PDF
Securing mobile devices_in_the_business_environment
byK Singh
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
bykostikjaylonshaewe47
 
Why Mobile Security is the Next Frontier in Cybersecurity
bywininlifeacademy5
 
Securing mobile devices 1
byKamaljeet Singh Matharu (Kam)
 
CS_UNIT 2(P3).pptx
byGaytriDhingra1
 
การสร้างเกราะป้องกันภัยคุกคาม ต่อข้อมูลความเป็นส่วนบุคคลในองค์กร
bySoftware Park Thailand
 
BYOD: Device Control in the Wild, Wild, West
byJay McLaughlin
 
Building a Mobile Security Model
bytmbainjr131
 
ISACA CACS 2012 - Mobile Device Security and Privacy
byMichael Davis
 
Ms810 assignment viruses and malware affecting moblie devices
byrebelreg
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
byDMI
 
3 steps security
bybrightfire-slides
 
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
byCamilo Fandiño Gómez
 
iPads on your network? Take Control with Unified Policy and Management
byCisco Mobility
 
Secure Mobile Working 1.0
byJon Collins
 
Security and risk in a mobile world
byBrian Katz
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
bySelectedPresentations
 
Enterprise on the Go - Devon Winkworth, Snr. Principal Consultant, Layer 7 @ ...
byCA API Management
 
Udløs potentialet i Enterprise Mobility, Vijay Dheap, IBM US
byIBM Danmark
 
Andrew Jaquith SOURCE Boston 2011
bySource Conference
 
Securing mobile devices_in_the_business_environment
byK Singh
 

More from McKonly & Asbury, LLP

PPTX
Cybersecurity Risk Management Program and Your Organization
byMcKonly & Asbury, LLP
 
PPTX
Data Analytics: Better Decision, Better Business
byMcKonly & Asbury, LLP
 
PPTX
Navigating the new Trust Services Criteria
byMcKonly & Asbury, LLP
 
PPTX
Business Ethics & The Three Monkeys in the Room
byMcKonly & Asbury, LLP
 
PPTX
Not-For-Profit Organizations: Lessons Learned from Implementation of the New ...
byMcKonly & Asbury, LLP
 
PPTX
Not-for-Profit Financial Reporting: How to Convert Your Financial Statements ...
byMcKonly & Asbury, LLP
 
PPTX
Modern Trust Laws: Delivering Direction and Control
byMcKonly & Asbury, LLP
 
PPTX
Tax Credit Opportunities for Historic Building Rehabilitations
byMcKonly & Asbury, LLP
 
PPTX
Ethics: A Focus on the 7 Threats
byMcKonly & Asbury, LLP
 
PPTX
Professional Ethics for CPAs - What the Rules Say and How to Interpret Them
byMcKonly & Asbury, LLP
 
PPTX
Preparing to Buy? Topics and Tips for Buying a Business
byMcKonly & Asbury, LLP
 
PPTX
Preparing to Buy or Sell? Topics and Tips for a Successful Transition
byMcKonly & Asbury, LLP
 
PDF
Ratio Analysis and Business Performance – Why Should I Care – Part 2?
byMcKonly & Asbury, LLP
 
PPTX
Business Valuation Update & Impact of the Tax Cuts and Jobs Act
byMcKonly & Asbury, LLP
 
PPTX
Leasing: A New Standard is Finally Here
byMcKonly & Asbury, LLP
 
PPTX
Tax Reform Legislation Analysis
byMcKonly & Asbury, LLP
 
PPTX
Tax Reform Legislation Analysis - Part 2
byMcKonly & Asbury, LLP
 
PPTX
2018 Pennsylvania Tax Update: The State Budget, Legislation, and Multistate T...
byMcKonly & Asbury, LLP
 
PPTX
Tax Cut and Jobs Act: What You Need to Know
byMcKonly & Asbury, LLP
 
PPTX
2019 State Taxes: Pennsylvania Update and The Multistate Tax Climate
byMcKonly & Asbury, LLP
 
Cybersecurity Risk Management Program and Your Organization
byMcKonly & Asbury, LLP
 
Data Analytics: Better Decision, Better Business
byMcKonly & Asbury, LLP
 
Navigating the new Trust Services Criteria
byMcKonly & Asbury, LLP
 
Business Ethics & The Three Monkeys in the Room
byMcKonly & Asbury, LLP
 
Not-For-Profit Organizations: Lessons Learned from Implementation of the New ...
byMcKonly & Asbury, LLP
 
Not-for-Profit Financial Reporting: How to Convert Your Financial Statements ...
byMcKonly & Asbury, LLP
 
Modern Trust Laws: Delivering Direction and Control
byMcKonly & Asbury, LLP
 
Tax Credit Opportunities for Historic Building Rehabilitations
byMcKonly & Asbury, LLP
 
Ethics: A Focus on the 7 Threats
byMcKonly & Asbury, LLP
 
Professional Ethics for CPAs - What the Rules Say and How to Interpret Them
byMcKonly & Asbury, LLP
 
Preparing to Buy? Topics and Tips for Buying a Business
byMcKonly & Asbury, LLP
 
Preparing to Buy or Sell? Topics and Tips for a Successful Transition
byMcKonly & Asbury, LLP
 
Ratio Analysis and Business Performance – Why Should I Care – Part 2?
byMcKonly & Asbury, LLP
 
Business Valuation Update & Impact of the Tax Cuts and Jobs Act
byMcKonly & Asbury, LLP
 
Leasing: A New Standard is Finally Here
byMcKonly & Asbury, LLP
 
Tax Reform Legislation Analysis
byMcKonly & Asbury, LLP
 
Tax Reform Legislation Analysis - Part 2
byMcKonly & Asbury, LLP
 
2018 Pennsylvania Tax Update: The State Budget, Legislation, and Multistate T...
byMcKonly & Asbury, LLP
 
Tax Cut and Jobs Act: What You Need to Know
byMcKonly & Asbury, LLP
 
2019 State Taxes: Pennsylvania Update and The Multistate Tax Climate
byMcKonly & Asbury, LLP
 

Recently uploaded

PDF
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
PDF
Where to Buy LinkedIn Accounts_ [12 Best Site.pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
automatic-enrolment-review-2017-maintaining-the-momentum.PDF
byHenry Tapper
 
PDF
TikTok Seller Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
How to Buy Instagram accounts for professional brand ... (1).pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
PDF
Buy Twitter Accounts — An Educational Overview.pdf
byh3lfp4332e3gctbnm22w
 
PDF
Comprehensive consulting casebook from FMS Delhi (2023–24), covering framewor...
byAnshulchauhan866815
 
PPTX
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
PDF
24 Best Tiktok Seller Center Services To Buy Online.pdf
byidc1w3adizw383go
 
PDF
Finovate report on the outlook for Fintechin 2026
byChris Skinner
 
PPTX
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
PDF
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
PDF
Top 5 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byd4633pnxrkfjibzcniru
 
PDF
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 
PDF
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
PDF
How to Buy USA Facebook Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
Equinox Gold - Corporate Presentation.pdf
byEquinox Gold Corp.
 
PDF
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
Where to Buy LinkedIn Accounts_ [12 Best Site.pdf
bykeb2bq5cegc6m2xa32ay
 
automatic-enrolment-review-2017-maintaining-the-momentum.PDF
byHenry Tapper
 
TikTok Seller Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Instagram accounts for professional brand ... (1).pdf
bykeb2bq5cegc6m2xa32ay
 
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
Buy Twitter Accounts — An Educational Overview.pdf
byh3lfp4332e3gctbnm22w
 
Comprehensive consulting casebook from FMS Delhi (2023–24), covering framewor...
byAnshulchauhan866815
 
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
24 Best Tiktok Seller Center Services To Buy Online.pdf
byidc1w3adizw383go
 
Finovate report on the outlook for Fintechin 2026
byChris Skinner
 
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
The Easiest Way to Buy Snapchat Accounts (1).pdf
byidc1w3adizw383go
 
Top 5 Places to Buy Aged LinkedIn Accounts and Should ....pdf
byd4633pnxrkfjibzcniru
 
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
How to Buy USA Facebook Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
Equinox Gold - Corporate Presentation.pdf
byEquinox Gold Corp.
 
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 

Outside the Office: Mobile Security

  • 1.
  • 2.
    Building Successful Employee Relationships ACornerstone to Fraud Prevention and Risk Management
  • 3.
    Building Successful Employee Relationships ACornerstone to Fraud Prevention and Risk Management
  • 4.
  • 5.
    Introductions Tyler Wenger • HelpdeskTechnician • Marketing Consultant • Microsoft Technology Associate (MTA) David Hammarberg • Principal of Forensic Accounting • Certified Fraud Examiner (CFE) • Director of Information Technology • CPA, MCSE, CISSP, CISA • 16+ years of experience
  • 6.
    Today’s Objective • Tobetter understand mobile technologies, the threats that exist within a mobile / remote environment, how to avoid and thwart those threats, and to understand your role within mobile security.
  • 7.
    Why Is ThisImportant? • Usage • Time • Accessibility • Money • Constantly Changing • Data! Data! Data!
  • 8.
    Takes Two ToBe Secure • Proper Security measures need to be put in place by the IT department to keep mobile users secure. • Proper employee security training needs to be place.
  • 9.
    Agenda • An overviewof the smartphone / tablet industry • An understanding of what mobile technologies are being used by small to medium size organizations • An understanding of the increased risk of mobile technology • An understanding of mitigation strategies for risks associated with mobile technologies. What is your mobility strategy? • Living in a mobile world: practical steps and real questions
  • 10.
    Mobile Technology • SmartPhones • Tablets • Laptops • Watches • BYOD
  • 11.
    Smartphone Statistics • Researchestimates more than six billion smartphone users by 2020 • Over 50% of smartphone users grab their smartphone immediately after waking up • 84% of mobile users utilize the same smartphone for business and personal use • Mobile email opens have grown by 180% in the last three years • Mobile will likely account for 50% of all digital ad spend in 2016 (worth $100B) Data from https://www.impactbnd.com/blog/mobile-marketing-statistics-for-2016 and https://www.sophos.com/en- us/security-news-trends/security-trends/malware-goes-mobile.aspx
  • 12.
    Smartphones • All-In-One Devices •Super Computers • Limitless Mobility • Size • Physical security • Unique Operating Systems (OS) • Apple (iOS) • Android • Windows • Mobile Fragmentation • Susceptible to attacks • App Based, web-based, or SMS/Text Message-based
  • 13.
    Apple vs. Android •Android • Global popularity and open approach • Open source vs proprietary • Lack of control of its potential integrations • Apple • Control the entire ecosystem • Software, hardware, firmware • App Transport Security (ATS) • Secures user data sent via Apps • "The majority of enterprises still feel it is easier for them to secure their enterprise data on the iOS platform.” - Mobile Analyst Dionisio Zumerle
  • 14.
    7 Tips forSmartphone Security 1. Use a PIN or Password 2. Download Apps only from trusted stores • Apple App Store • Google Play Store 3. Keep your Operating System and Apps Update 4. Log Out of sites / apps after completing transactions 5. Turn off Wi-Fi and Bluetooth when not in use 6. Backup your data 7. Avoid giving out personal information
  • 15.
    Secure Technology Optionsfor Mobile Users • Citrix • VPN – Company to User • Cloud based – Connection to the Cloud Server • MDM – Mobile Device management Solutions
  • 16.
    What Are TheRisks? • Data breach caused by: • Unsecure connections • Lost or stolen mobile devices • Unauthorized users • Compromised devices connecting to the network • Malware incident
  • 17.
    Three Most CommonMobile Security Breaches 1. Device loss / Theft • Theft of all pertinent data • Expensive international calls • In app purchases 2. Malware • Spam email contacts • Infect other devices • Harvest Passwords (secure password products?) 3. Unsecured Networks • Rogue Wi-Fi Networks • Tricks people into joining wrong network at airports, stations, or coffee shops • More common in Asia than in US / Europe
  • 18.
    Real Life Examples •Mobile phishing and ransomware • Using an infected mobile device to infiltrate nearby devices • Cross-platform banking attacks • Cryptocurrency mining attacks
  • 19.
    Mobility Driving Businessand IT Change • Forcing organizations to have BYOD policy and plan; provide employee device choice • Anytime, anywhere, any device access now standard • Heightened importance of social business interactions • Need to factor in considerations across the business not just IT- HR, Legal, Security, Finance, Telco Plans.
  • 20.
    Mobile Security andManagement • Protection of privacy and confidential information • Policies for client-owned smartphones and tablets • Visibility, security & management of mobile platform requirements
  • 21.
    Mobile Strategy HelpsYou Make The Right Choice 1. Understand current state and strategic direction. 2. Understand user profiles and their security requirements 3. Analyze gaps 4. Define recommendations and solution outline 5. Build road map
  • 22.
    Key Areas YouNeed to Address • Devices: Which device types and form factors should be supported and do I have a need for special types of devices? • Governance: What are the policies, guidelines and programs for mobile users and bring-your-own devices? (BYOD) • Support: What is the best way to support my users? • Mobile Applications: What mobile applications do I have today and what is the best way to roll out additional applications in the future? • IT Infrastructure: What tools do I need in place to allow me to effectively manage my mobile devices? • Network: What type of network access will my users require? Cellular Carrier? Corporate Wi-Fi? • Security: What security policies should be in place to ensure the safety of my corporate assets?
  • 23.
    Bring Your OwnDevice (BYOD) - Policy • What are you trying to achieve? • Define, document and publish your "Bring Your Own Device" (BYOD) Policy • You need input from a number of departmental functions: • IT • HR • Legal • Security • Finance • Your network carrier(s) • Entitlement • Which employees are eligible for business devices (Corporate liable)? • Which employees bring their own? • What data, functions, applications will be accessed? • Which devices will you support?
  • 24.
    Mobile Device Management(MDM) • Advanced mobile device management (MDM) functions are designed to enhance security and usability of mobile devices • Software that secures, monitors, manages and supports mobile devices • Over-the-air distribution of applications, data and configuration settings • Supports company-owned and employee-owned devices
  • 25.
    Dual Factor Authentication •Requires multiple factors for authentication • Uses multiple combinations of the following… • Something you know (username, password, PIN, etc.) • Something you have (smartphone, Token Device, key fab, etc.) • Something you are (fingerprint, retinal scan, voice recognition, etc.) • Requires an extra step, but “an ounce of prevention is worth a pound of cure.”
  • 26.
    Dual Factor Vendors •Duo Security • RSA SecurID - Tokens
  • 27.
    Security Awareness • Employeesare the largest risk to the organization. • Employees can circumvent the best security policies. • What is your organization doing to train your employees?
  • 28.
  • 29.
  • 30.
    How Do IKnow If My Device Is Infected? • Decreased performance • Slow operation and function • Poor battery life • Device gets exceptionally hot for no reason • Device turns on by itself • Applications open / close on their own • Downloaded items/apps without your permission • Phone log shows calls you didn’t make • Emails sent to unknown addresses
  • 31.
    My Device IsLost / Stolen! Now What? • Ensure that you cannot find it • Notify your organization’s IT Department • Wipe the phone remotely via iCloud or other remote solutions • Contact Law Enforcement
  • 32.
    Simple Steps toMobile Security • Physical security – Know where your device is at! • Use strong username and password controls • Alphanumeric codes may be the best option • Keep Operating System and Apps up-to-date • Equip your device with Anti-malware software • Turn Wi-Fi off when in public settings • Do Not automatically join networks • Wireless Hotspot for Laptops • Encrypt your device • Think when opening emails (social engineering) • Set device to wipe contents after specified number of failed login attempts
  • 33.
    Questions? Tyler Wenger • HelpdeskTechnician • Marketing Consultant • Microsoft Technology Associate (MTA) • TWenger@macpas.com David Hammarberg • Principal of Forensic Accounting • Certified Fraud Examiner (CFE) • Director of Information Technology • CPA, MCSE, CISSP, CISA • DHammarberg@macpas.com
  • 34.
    Building Successful Employee Relationships ACornerstone to Fraud Prevention and Risk Management
  • 35.
    Questions? • Documents: • https://www.nist.gov/cyberframework •NIST Cybersecurity Framework website • http://energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf • Maturity model • https://www.sans.org/media/critical-security-controls/critical-controls- poster-2016.pdf • SANS Top 20 Critical Security Controls
  • 36.
    Questions? Tyler Wenger • HelpdeskTechnician • Marketing Consultant • Microsoft Technology Associate (MTA) • TWenger@macpas.com David Hammarberg • Principal of Forensic Accounting • Certified Fraud Examiner (CFE) • Director of Information Technology • CPA, MCSE, CISSP, CISA • DHammarberg@macpas.com

Editor's Notes

  • #7 This is what we hope each of you gets out of this webinar. This is the mission and the goal. As we go throughout this webinar I will be giving more of a personal approach to mobile security while Dave will be looking through the lens of an organization and how organizational management approaches mobile security.
  • #8 Users are spending more time, using more devices, doing more things, accessing more data and spending more money on mobile devices than ever before and that trend looks like it will continue for the foreseeable future. Marketers are pouring money into mobile advertising, developers are spending lots of money on app development, and that’s why Apple and Google consistently are the two most valuable companies in the world. If there is money involved, you can bet that hackers, phishers, and cyber attackers will be playing in that space as well. People are becoming mobile and if you, your organization, or your vendors are not ready you could experience some serious problems. This industry is constantly changing, adapting, moving forward. Must be prepared for what is going on now as well as what is going to come in the next 5-10 years. For sake of this presentation, we are going to focus on what is going on now. Most important reason is to secure data. Hackers are trying to get your data (SSN, EIN, Address, Phone Number, Credit card Number, bank account information, usernames, passwords, etc.)
  • #11 Devices always change People always bringing new devices into the network 20 years ago computers as phones would have been unthinkable, 10 years ago a computer as a watch would have been hard to believe. But where will we go next? I know Under Armour and some other athletic fashion wear companies are investing in wearable technology. I wouldn’t be surprised in 3-7 years you put on a t-shirt and you can view apps, heart rate, other biometric information right from your sleeve. Mobile technology is constantly evolving
  • #12 I just want to go over a few interesting statistics that I found and briefly discuss why I think each of these is important and how it applies to today’s webinar. 6 Billion users – mass quantity = plenty of opportunities for hackers and attackers to do what they want to do 50% when wake up – around us 24/7. using them, typing on them, calling on them, streaming music on them, they never leave our side. 84% important for organizations as more and more users meshing personal and business devices….I would think that’s also similar to laptops for personal and business use Mobile email opens – if I’m an attacker I am salivating at this statistic, more changes for social engineering and to phish end users into clicking on bad links which is why social engineering is extremely important. 100B – important because again there is a lot of money in this realm and attackers are trying to make money
  • #13 All In One Devices – Used as a phone, to send text messages, to take pictures, stream and play music, to browse the internet, as a GPS, to control temp / lighting in your house, can edit videos, check email, scan documents, see where your friends and family are at that exact moment, save and access info to secure cloud storage, access bank account information / deposit a check, now with NFT can be used as a payment solution (Apple Pay), and the list goes on and on. This makes the security of these devices extremely important. Limitless mobility – use them at work, in your car, in your bed, on the toilet, at a concert, etc. there is no limit to where you can use these devices. Makes physical security challenging. OS - Mobile device fragmentation is a phenomenon that occurs when some mobile users are running older versions of an operating system, while other users are running newer versions.
  • #14 Studies have found that a much larger percentage of mobile malware targets Android over iOS, the software that runs Apple’s devices. That’s primarily due to Android’s huge global popularity and its open approach. Much easier to try and “hack” via an app or Android software than on iOS. App Transport Security, or ATS, is a feature that Apple debuted in iOS 9. When ATS is enabled, it forces an app to connect to web services over an HTTPS connection rather than HTTP, which keeps user data secure while in transit by encrypting it. The “S” in HTTPS helpfully stands for secure and you’ll often see it appear in your browser when logging into your banking or email accounts. But mobile apps often aren’t as transparent with users about the security of their web connections, and it can be hard to tell whether an app is connecting via HTTP or HTTPS. Enter ATS, which is enabled by default for iOS 9. However, developers can still switch ATS off and allow their apps to send data over an HTTP connection — until the end of this year, that is. (For technical crowd: ATS requires TLS v 1.2, with exceptions for already encrypted bulk data, like media streaming.) Apple originally set the mandate for Apps to be in compliance with ATS HTTPS for January 1, 2017 > date has been extended and last I heard they had not set a new compliance date Apple securely controls which apps are available on its App Store, strictly reviewing all apps to avoid allowing malware through **After all, it only takes one piece of perfectly formed iOS malware to do as much damage as thousands of copycat Android threats. And both platforms are equally at risk from social engineering, where hackers use more personal methods to target your logins and data. A multitude of threats to Android could be greatly eliminated if all users upgraded their mobile phones to the latest version of the OS. The inconsistency of Android devices across old versions plays into the hands of malware creators, so it’s crucial to keep your own devices up to date. Apple does not have the same problem, as each release of iOS quickly reaches its users, due to the fact that iOS updates are big events that prompt mass upgrades. This means that consequential security scares are rare enough to be big news when they occur. While there are drawbacks to Apple’s tight grip over everything that occurs on its OS, there’s no doubt it makes for a more secure environment for casual users. Overall, Apple has more of an overarching defense against threats. Android is more of the Wild-West, but with the right safeguards and good decision making (installing trusted apps, having an app that runs security analysis for threats, etc.) Android can be secure as well
  • #15 2. Use a pin, password or pattern to lock your phone Setting this up is easy. For most Android™ devices, go to your Location & Security Settings for instructions. iOS users can find these functions in the General options of their settings. 3. Download apps only from trusted stores If you’re browsing for a new game or something more productive, use places such as Google Play™. Make sure you check ratings and reviews if they are available, and read the app’s privacy policy to see exactly what phone features it will have access to if you download. 4. Back up your data This is more about protecting and restoring your information should disaster strike. With Backup Assistant Plus and Verizon Cloud, you can save your contacts, music, pictures, videos and documents to the cloud. 5. Keep your operating system and apps updated There are typically periodic updates to both of these that not only add new features, but also offer tightened security. 6. Log out of sites after you make a payment If you bank or shop from your smartphone, log out of those sites once your transactions are complete. Other tips include not storing your usernames and passwords on your phone and avoiding transactions while you are on public Wi-Fi. 7. Turn off Wi-Fi and Bluetooth® when not in use You think of them as ways to connect to something, but thieves can use them to connect to your device and access files. 8. Avoid giving out personal information That text message that looks to be from your bank may not be. If you get requests via email or text for account information from any business, contact the business directly to confirm the request. The same advice goes for tapping links in unsolicited emails or texts
  • #16 Question: Safe to connect to public Wi-Fi? Starbucks, Panera, airport, stores, etc.?
  • #19 Just like the PC scams, bad guys are using social engineering through mobile apps and SMS text messages, which take advantage of human behavior and trust to gain access to data or infiltrate businesses, to make people click on links. Malware then ends up on the user’s PC. “If they can make you believe a message is from a trusted source, chances are you will click,” says Stu Sjouwerman, cofounder of security training company KnowBe4 LLC in Clearwater, Fla. “This trick has been used with email, instant messaging, social networks, and [now] they are even spoofing SMS text messages.” Even email messages, when opened on a mobile device, can infect laptops and enterprise systems. Sjouwerman advises mobile users to check for red flags. “If you click on an email message from a mobile app without checking for anything suspicious, you might download malware and infect your PC, so think before you click!” When working inside a company to identify vulnerabilities, pentester and mobile security expert Georgia Weidman recently asked herself from a hacker’s perspective, “wouldn’t it be nice if we could just walk into the network with a compromised phone and have direct network access” by way of a client side attack or social engineering.  She concluded that in many cases you can. “An infected mobile device allows you to breach an organization's perimeter and directly attack the devices on the network instead of having to break in some other way, you've already got direct network access,” Weidman says. Consider a simple scenario.  An Android device has been infected with the Smartphone-Pentest-Framework, or SPF Agent. The unsuspecting user thinks it’s an official news app, for instance, and thinks nothing of it, but it is also communicating with an SPF console that’s giving thieves access to mobile device data.  That device is sharing Wi-Fi with the laptop sitting nearby, and the thief is also able to breach the laptop, which contains company information or access to corporate systems. “If I have control of their mobile devices, I can go the traditional route like stealing their contacts or sending text messages to a premium number, but also if the device is connected to a Wi-Fi network I can attack additional systems on that network from the infected phone,” she explains. “Whether I’m connected to my home Wi-Fi, work Wi-Fi or Starbucks Wi-Fi, if there are any devices with vulnerabilities on that network, I can potentially exploit them directly from the infected mobile device.”  Gangs are also using malware on PCs to infiltrate mobile phones in hybrid attacks on user’s banking accounts, according to John Shier, security advisor at Sophos.  A piece of malware dropped on the user’s laptop can detect when the user is surfing his banking website. Dubbed a “man in the browser” attack – the spying is all done in browser memory “so they can intercept your banking credentials before they get encrypted and sent across the wire,” he explains.  Adding to the scam, thieves put up a warning message, such as “for increased security, download this app,” and they ask for the user’s phone number and email address to send an SMS to their phone or to download a link.  “You click on the SMS and download the app, and they basically own your desktop and your phone,” he says. Wondering why your mobile device is losing battery power too quickly or why it feels overheated? You might have cryptocurrency mining malware on your device. The malware infiltrates mobile devices in search of digital currencies, like Bitcoin, Litecoin and Dogecoin.  Found mostly in Android devices, the apps were injected in many cases with the CPU mining code from a legitimate Android cryptocurrency mining app. The miner is started as a background service once it detects that the affected device is connected to the internet.  By default, it launches the CPU miner to connect to a dynamic domain, which then redirects to an anonymous digital currency mining pool. “The reality is that the capabilities on the phone aren’t as great as they are in a big server or mainframe attacks,” says Kohavi. “But it’s a trial and error for these organized criminals to be able to put their foot into an area and then leverage that and see what they can get out of it.” Now transition into organizational perspective of mobile technology and how a mobile strategy can help your organization
  • #21 You are saying you should have an actual document?
  • #28 Dave highlight some possible security awareness solutions
  • #29 Difficult to truly determine but here are a few possible factors that may inform you that you have malware or some sort of virus on your device. Applies to laptops, smartphones, tablets, etc.
  • #30 Difficult to truly determine but here are a few possible factors that may inform you that you have malware or some sort of virus on your device. Applies to laptops, smartphones, tablets, etc.
  • #31 Difficult to truly determine but here are a few possible factors that may inform you that you have malware or some sort of virus on your device. Applies to laptops, smartphones, tablets, etc.
  • #32 Find My iPhone and other apps / tracking tokens can help track your device. Make sure it isn’t trapped under the sofa  Can use remote tools to wipe your phone remotely Should be handled with law enforcement as if it was your purse or wallet (if stolen)
  • #33 Alphanumeric – combines letters and numbers so it is more secure. Don’t make it easy “Tylerwenger1” A few ideas: mix letters of something meaningful with numbers that you will remember Physical security – everything below won’t matter if you don’t know where your device is located or who has access to it Password managers (LastPass, Keeper, Dashlane, 1Password, TrueKey, etc.) Antimalware software – especially important for Android users Wife – in iOS Settings > Wi-Fi > bottom option to ask to join networks Can swipe up from the bottom of the screen at anytime and click the Wi-Fi icon to turn it off Wireless Hotspot to tether your computer and phone (coffee shop)…will use data so be smart, but more secure than joining the public Wi-Fi. Encrypt: Software for laptops, iTunes can encrypt a backup Wipe after failed login attempts: can be managed by MDM or organizational management solutions
  • #34 Can I actually get Malware or a virus on my iPhone? A = Virtually impossible for malware or a virus to penetrate iOS due to Apple’s proprietary nature and the security of their system. It is possible something could get onto your iPhone, but through a web browser would be the only real way, Apps protected by ATS and by Apple’s unwillingness for open source developing.