Guidelines for Mobile Computing Security

Posted by Robert Moskowitz

Mobility is clearly the future of computing. Smartphones and tablets are more powerful, and bring-your-own-device is an accepted reality.

This raises major security issues, as mobile computing can be readily compromised at the device, network and wireless connectivity levels. The mobile device itself—whether a portable computer, personal digital assistant, laptop, smartphone, tablet computer, or a wearable computer—can be damaged, lost, or stolen. Mobile communications elements, properties, protocols, data formats, and technologies can be targeted, resulting in lost or damaged data.

Smartphones pose special risks due to the inherent weaknesses in SMS, MMS, Wi-Fi networks, and GSM. They are also vulnerable to attacks against apps, web browsers, and operating systems. Most importantly, typical mobile device users tend to be unaware of or too casual about security measures, commonly leaving their devices open to malicious software and individualized attacks.

It doesn’t help that portable devices frequently depend on public networks for normal operations. Many people use mobile devices to collect, access, and process large amounts of valuable and sensitive personal, corporate, and financial information while on insecure networks.

Fortunately, countermeasures currently exist and more are being developed.

Mobile computing security can be implemented in various layers of mobile software, operating systems, and downloadable apps. In addition, end users can be sensitized to the dangers and educated as to best practices, greatly increasing their devices' security.

Guidelines for Mobile Computing Security

Encryption: Mobile devices that do store sensitive data can be protected by means of encryption systems. Automatic encryption/decryption systems exist, but are less secure than systems which require the user to enter a password at the beginning of every session. Both Android and Apple iOS devices can be set up to utilize encryption capabilities.

External Identification: End users should label their mobile devices with their name and telephone contact information so lost devices can be returned to them, even after their battery has gone dead.

Limiting Data Storage: One of the best ways to prevent the compromise or loss of sensitive data is not to store it on a mobile device. Such data can be stored in the cloud or accessed from a proprietary server. Naturally, means of access must be thoroughly secured, or there is no advantage to be gained from keeping sensitive data off a mobile device.

Lost Device Locator and Data Eraser Systems: Depending on the mobile device and its operating systems, there are various technologies that enable end users to locate a lost device (even if it's just between the couch cushions). Failing that, there are ways to remotely erase sensitive data. Encourage end users to enroll their devices in a good system, and to learn how to use it.

Passwords and Timeouts: End users should set a password and a relatively brief timer to shut down and lock their mobile devices when left idle for even a few minutes. Passwords and timeouts prevent—or at least delay—unauthorized users from gaining access to sensitive data not only on lost or stolen devices, but also on devices left unattended in homes and offices.

Trusted Sources: Mobile devices can add software from a variety of sources, but end users should rely only on trusted sources, such as the Apple iTunes Store, Google Play, or the Amazon App Store for Android. Other sources are less likely to thoroughly search for and prevent software contaminated by viruses or other malware.

Updates: Hackers and defensive software are engaged in running battles for superiority, so any delay in updating operating systems and/or security systems leaves mobile devices particularly vulnerable. Systems should be set to check automatically for updates, and users should get in the habit of performing manual updates at regular intervals.

While it may seem like no data is safe in this technological age, users can greatly decrease the likelihood of a security breach on their devices by adhering to these mobile computing security guidelines.

Robert Moskowitz, New Mobility Partnerships


Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
