Presentation is loading. Please wait.

Presentation is loading. Please wait.

Industry Best Practices – Security For Smartphones / Mobile Devices

Published byThilo Dressler Modified over 6 years ago

Similar presentations

Presentation on theme: "Industry Best Practices – Security For Smartphones / Mobile Devices"— Presentation transcript:

1 Industry Best Practices – Security For Smartphones / Mobile Devices
San Diego Industrial Counterintelligence Working Group (SDICIWG) Date: 11 July 2012

2 Table of Contents What is a Smartphone
Background - Smartphones / Mobile Devices Cyber Security Threat – Methods Used to Access or Collect Data Industry Best Practices - How to Protect Yourself Against the Threat Conclusion

3 What is A Smartphone? Smartphone: Is a mobile communication device that offers users expanded capabilities from traditional mobile devices. The features can include text messaging, e- mail access, Internet browsing, and mobile operating systems that enable incorporation of third-party applications to offer even more expanded features.

4 Background - SmartPhones / Mobile Devices
According to the National Security Institute there are now over 100 million smartphone users in the U.S., and research shows they check their phones an average of 34 times a day. Because of their highly portable nature, smartphones are particularly prone to loss or theft, resulting in unauthorized persons gaining physical access to the devices. Cyber Criminals are increasingly targeting smartphones – mobile devices for Illegal activity, such as acquiring company or personal data.

5 Cyber Threat - Methods Used To Access or Collect Data
Cyber criminals increasingly targeting smartphones & personal digital assistants (PDAs) for illegal activity. Some of the ways in which they gain access to personal or sensitive company data includes: Lost and Stolen Cell Phones: According to security experts, lost and stolen cell phones and other mobile devices such as PDA are the biggest mobile security threat to companies. Distribution Malicious Apps: Cyber criminals and hackers distribute Malicious Apps that Contain Trojans to access or steal data. Malicious Apps and software is sometimes downloaded via seemingly trusted links. Malicious Apps - Frequently this malware is distributed through application stores that have minimal or no review process for their content. In some cases malware has been hidden in pirated versions of legitimate apps, which are then distributed through 3rd party app stores. Malware risk also comes from what's known as an "update attack," where a legitimate application is later changed to include a malware component, which users then install when they are notified that the app has been updated. Additionally, the ability to acquire software directly from links on the web results in a distribution vector called "malvertizing," where users are directed to click on links, such as on ads that look legitimate, which then open in the device's web browser and cause malware to be downloaded and installed automatically

6 Cyber Threat - Methods Used To Access or Collect Data
Wi-Fi Threat: Attackers can create phony Wi-Fi hotspots designed to attack mobile phones and may patrol public Wi-Fi networks for unsecured devices. Phishing or Smishing Attacks: Cyber criminals use electronic communication to trick users into installing malicious software or giving away sensitive information. Smishing exploits vulnerabilities through text messages (SMS/MMS).

7 Best Practices - Steps to Take To Protect Smartphones
Recommended Security Tips For Smartphone Users Passwords: Require a strong password of at least six characters. Auto Lock: Set up smartphones - mobile devices to automatically lock after 5 minutes inactivity. Auto Wipe: Configure devices to automatically wipe after 10 failed login attempts or if the mobile device is reported lost or stolen. Mobile Security Software: Require the IT Department to install mobile security software on their phones to protect against viruses and malware. Security Education: Remind employees to not click - follow unsolicited links sent in suspicious or text messages. Unknown links may lead to malicious websites. Passwords - A basic measure is to require all employees safeguard their devices by enabling PIN or password protection to get into the operating system when you turn the phone on or to unlock it.

8 Best Practices - Steps to Take To Protect Smartphones
Turn Off Unneeded Apps: Educate employees / users to turn off the applications such as Bluetooth, Wi-Fi, Infrared, and GPS when not specifically in use. This will not only reduce the attack surface, it will also increase battery life of the mobile device. Encryption: Have the IT Department install and enable local encryption to help protect data stored on the mobile phone. Device Restrictions: Implement a policy that restricts employees from accessing certain apps (e.g., password spoofers) and sites with explicit content. Security Configuration: Some smartphones can be configured to use your rights management system to prevent unauthorized persons from viewing sensitive information on the phone or to prevent “authorized users” from copying or forwarding the data to third parties. Device Restrictions – Password Spoofers are people (hackers – cyber criminals) or a program that successfully masquerades as another by falsifying data and thereby gaining an illegitimate access into a system. Set Bluetooth-enabled devices to non-discoverable. When in discoverable mode, your Bluetooth enabled device are visible to other nearby devices, which alerts an attacker or infected devices to target you. When in non-discoverable mode, your Bluetooth-enabled devices are invisible to other unauthenticated devices.

9 Security Best Practices For Smartphone Users
Smartphone Security: Consider deploying smartphone security, monitoring, and management software such as that offered by Blackberry, iPhone, Android, Symbian, and Juniper Networks for Windows Mobile. Have users connect to the corporate network through an SSL VPN. Company IT Security Policy: Ensure your company establishes a comprehensive IT Security Policy that covers all mobile devices (laptops, smartphones, smartpads, PDAs, and flash sticks). Smartphone Security - Mobile security software is available for all of the major smartphone platforms. Some of the most popular mobile security suites include Kaspersky Mobile Security, Trend Micro Security, F-Secure Mobile Security, and Norton’s Mobile Security Products.

10 CONCLUSION Questions?

11 Sources Cyber Threats to Mobile Phones, US-CERT United States Computer Emergency Readiness Team, By Paul Ruggiero and Jon Foote, 2011 Carnegie Mellon University, Produced for US- CERT Smartphone Enterprise Security Risks and Best Practices, By Debra Littlejohn Shinder, December 2, 2010, 5:04 PM PST, enterprise-security-risks-and-best-practices/1935 Five Tips For Securing Mobile Data, Tech Republic, By Shun Chen, November 22, 2010, 9:50 AM PST, Wikipedia, The Free Encyclopedia, Smartphones, 09 July 12 Top 5 mobile phone security threats in 2012, SearchSecurity, By Robert Westervelt, News Director, 09 Dec 2011, phone-security-threats-in-2012 Blackberry Photos,

Download ppt "Industry Best Practices – Security For Smartphones / Mobile Devices"

Similar presentations

ATK Space 9617 Distribution Avenue San Diego, California 92121 Tel: (858) 621-5700 Fax: (858) 621-5770 Website:

ATK Space 9617 Distribution Avenue San Diego, California Tel: (858) Fax: (858) Website:
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.

Smartphone and Mobile Device Security IT Communication Liaisons Meeting October 11, 2012 Theresa Semmens, CITSO.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.

Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
1 Alcatel Onetouch Antivirus. 2 Thinking about security on your smartphone Alcatel OneTouch? We have the solution. Among the applications on your smartphone,

1 Alcatel Onetouch Antivirus. 2 Thinking about security on your smartphone Alcatel OneTouch? We have the solution. Among the applications on your smartphone,
Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.

Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Quiz Review.

Quiz Review.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Cyber Crimes.

Cyber Crimes.
THREATS TO MOBILE NETWORK SECURITY

THREATS TO MOBILE NETWORK SECURITY
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

Similar presentations

Ads by Google