http://www.nascio.org/publications/documents/NASCIO-SecurityAtTheEdge2.pdf
SECURITY AT THE EDGE: PROTECTING MOBILE COMPUTING DEVICES
If a state is going to permit non-government-issued smartphones to be used
in the workplace, there are steps that need to be taken to provide adequate
security measures.
- Extend enterprise security policies to encompass personal devices used for business purposes. To the extent possible, State CIOs must formally extend security policies, standards, and guidelines to address the use of personal devices, and supersede inconsistent agency-level policies and standards that may threaten the integrity of the government network.
- Acquire security software. Require employees who use their smartphones to access the network to run security software on those phones. Security suites provide features such as encryption, antivirus, firewalls, and other essential protections. Some can even be configured so that a phone must have its firewall active before it is allowed to connect to the network.
- Use password protection. Most smartphones and their operating systems can be configured to require a password or passcode to unlock the device. This should be explicitly required, not left to the user's discretion. Where the platform supports it, the passcode also protects the keys used for on-device encryption, so a missing or weak passcode undermines the encryption that the security software is relied upon to provide.
- Enable remote wiping. If a user loses his or her phone, remote wiping allows the data on that phone to be erased from the office. Remote wiping only succeeds if the lost device is powered on and reachable over the network, so it complements, rather than replaces, password protection and encryption. The employee, of course, must be made aware of this requirement before being authorized to use the device for business purposes.
- Disable unnecessary features. For example, require users with Bluetooth to turn off discoverable (visible) mode whenever it is not needed, so that others cannot locate the phone and attack it via Bluetooth.
- Give smartphones only appropriate access. Set policies so that certain databases, applications, or documents cannot be accessed from a phone at all. That way, even if an employee loses his or her phone, only a limited part of the network is exposed.[7]
- Enforce security policies. Once mobile device policies have been established, it is important to check for compliance. States must not only trust that the devices connected to the network are secure, but also verify that the required security precautions are in place and meet expectations.