Trustworthy Mobile Security for Smartphones, Tablets, etc. Is there an App for that?
|
|
- Eric Blake
- 8 years ago
- Views:
Transcription
1 Trustworthy Mobile Security for Smartphones, Tablets, etc. is there an App for that? intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse Markdorf / Germany Trustworthy Mobile Security for Smartphones, Tablets, etc. Is there an App for that? Five Ways to manage the emerging Security Risks in our increasingly mobile Life WHITEPAPER
2 Trustworthy Mobile Security for Smartphones, Tablets, etc. Is there an App for that? Five Ways to manage the emerging Security Risks in our increasingly mobile Life Summary The past ten years have witnessed a remarkable shift in the way that businesses, organisations and individuals can access computing power. The very concept of a computer has irrevocably changed. In the old days of 2001, a computer was something that sat on a desk, with a hard drive in a nearby tower. Laptop computers were widely considered to be too expensive or unreliable for everyday use, and were often assigned only to regular business travellers or to the more valuable members of the organisation. The first smartphone: The IBM Simon (1992) (Source: Wikipedia) In 2001, smartphones existed (see the photo at right of the Kyocera QCP6035 from the year ), but they were mainly used by technology enthusiasts and early adopters, An early Kyocera smartphone (Source: PC World) and were not nearly as widespread as they are today. Most people carried cell phones, which were big and bulky by today s standards, and were mainly used only to make phone calls. Simply being able to send a text message was considered the height of cell phone communications technology. The original iphone (Source: Wikipedia) 1 Liane Cassavoy, In Pictures: A history of cell phones, PC World, May 7, 2007, published online at [cited on June 19, 2011] Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 2
3 Content Introduction 4 The advantages of solid state media 6 The drawbacks of solid state media 7 Solid state media information security risks and best practices 8 Five ways to manage Information Security Risks on mobile devices 1. Automatic Locking Check Reputation Confidentiality Special precautions for high ranking officials Decommissioning 11 Conclusion 12 Company Profile 13 Contact Details 13 Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 3
4 Introduction What a difference ten years can make. Today, smartphone users can access their , take and share high quality digital photos and videos, listen to music, watch movies, and connect to the Internet from anywhere, allowing them to interact with their world and be productive in unprecedented ways. Even as desktop PCs and laptops/notebooks have grown in speed and power, they have also started to be eclipsed by ever smaller, ever lighter models like netbooks (popular during ) and more recently by tablet PCs like the ipad. According to research from Gartner, sales of tablet computers are expected to more than quadruple from 15 million units sold worldwide in 2010, to over 70 million sold during Total tablet computer shipments are expected to approach 250 million by Tablet computers enable the same kinds of constant connectivity and interactions as a smartphone, but their larger screens and easier operability make it possible to bring computing power into workplaces in new ways. With a tablet computer, the factory floor can now be easily connected to the company s main network. Knowledge workers can access information via tablet computers in a Image source: The Economist lighter, more portable format. Hospital workers can record patient information at the bedside using a simple touch screen Restaurant staff can take reservations and coordinate seating with a tablet. The possibilities are limitless. One of the biggest reasons for the differences between the fixed computers of 2001 and the smartphones and tablet computers of today is the rise of solid-state storage media. 2 Josh Halliday, Tablet sales poised for spectacular growth, claims Gartner, Guardian, April 11, 2011, published online at [cited on June 19, 2011] 3 The Economist, Taking the tablets, March 2, 2011, published online at [cited on June 19, 2011] Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 4
5 Rather than relying on the moving parts of a hard disk drive, smartphones and tablets are built with sold-state drives, which enable these devices to be more portable and powerful than ever before. Computers are no longer fixed objects sitting on a desk. People now have the ability to carry computers in their pockets in the form of smartphones (which recently surpassed PCs in total worldwide shipments). 4 Source: CNN Money The dramatic increases in portability and flexibility of computer power has made possible great gains in productivity and a significant transformation in online culture as the Internet begins to infuse every aspect of daily life. But along with the benefits of the rise of smartphones and tablet computers, there are risks. The same features that make smartphones and tablets so beneficial can also pose damaging threats to the sensitive data of organisations. This paper will discuss some of the information security risks posed by the emerging solid-state media, such as smartphones and tablet computers. By exercising best practices and information assurance strategies, organisations can successfully navigate the risks posed by these powerful new forms of electronic storage media. 4 David Goldman, Smartphones have conquered PCs, CNN Money, February 9, 2011, published online at [cited on June 19, 2011] Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 5
6 The advantages of solid state media Solid state media offer several advantages that have made them the ideal foundation for the recent revolution in portable computing power. Traditional magnetic hard disk drives (HDDs), like the ones in 2001-era computers, are made of moving parts. There is literally a spinning disk within the drive, and movable read/write heads. Data is recorded into memory via electromagnetism. This type of storage media worked very well for the days when computers were immovable objects sitting on desks, but in order to create a more mobile computer, solid state storage was needed. Solid state drives (SSDs) have no moving parts, and rely on microchips and non-volatile memory chips, instead of magnetic media, to store data. SSDs are often used for external drives such as USB drives and mobile devices like smartphones and tablets. The can also be used internally as drives for laptops. The characteristics that make SSDs ideal for small, portable devices like smartphones and tablets include: Silent performance: SSDs do not make any sounds, like a spinning magnetic hard disk drive. Less susceptible to physical shock: Smartphones and tablets can be jostled or dropped, without losing data. Faster performance: SSDs deliver quicker access time and latency. Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 6
7 The drawbacks of solid state media As the size and stability of digital storage media has exponentially grown, it has become more difficult for organisations to prevent data breaches. There is simply too much information, too easily available, too easily duplicated, and stored in too many different places. As such, organisations are challenged with having to safely dispose of their obsolete devices. Hard disk drives (HDDs) are magnetic storage media, meaning that the recorded data can be successfully erased from the disk by using a degausser (subjecting the disk to a highly focused electromagnetic field). Another option to erase an HDD is to use the Secure Erase function built into most standard HDDs ever since From an information security standpoint, the primary drawback of solid state media is that the solid state drives (SSDs) are not as easy to purge of data as the magnetic HDDs. Since the SSDs do not rely on magnetic media for data storage, degaussers are not effective in sanitising the data. Secure Erase does not successfully erase an SSD, either. According to recent research from the University of California at San Diego, tests on the Apple Mac OS X showed that as much as 57% of stored data remained intact even after using the Secure Erase feature. 5 So if the old methods of data sanitisation will not succeed on these new forms of solid state storage media, how are organisations supposed to protect themselves? There are several significant risks posed by solid state media, and several key recommendations to help overcome those risks. 5 Dan Goodin, Flash drives dangerously hard to purge of sensitive data, The Register, Feb. 21, 2011, published online at [cited on June 17, 2011] Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 7
8 Solid state media information security risks and best practices Many users of solid state media, especially smart phones, get lulled into a false sense of security. After all, how can such a friendly, useful device possibly pose any information security risk? Many solid state media users become almost too comfortable with their devices, and fail to protect them the same way they would treat a workplace desktop PC. Other people see their mobile devices as an extension of themselves, and fail to uphold a proper division between work and personal use, for example, by downloading certain apps onto a work-issued smartphone or tablet, even though the apps might pose an information security risk. Mobile solid state media devices like smartphones are more vulnerable than many people realise, with possible negative consequences including hacking, identity theft, data breach, or wrongful disclosure of financial information. According to a 2008 CompTIA survey of more than 2,000 information security professionals, over half responded that risks related to mobile devices and remote workers were up compared to When employees work remotely or carry devices with them, especially when using their devices to access the Internet via public networks, there is a risk of theft or loss. Organisations need to ensure that they have trained their staff on how to properly handle their tablet PCs and other portable devices using secure passwords, data encryption, and other methods to thwart potential data thieves. An additional security risk of solid state media which is often overlooked is the sheer quantity of devices that are now in use. Smartphones especially tend to have short life cycles of 2 years or less, as people constantly trade up for the newest models with the fastest performance and the fanciest technology. This means that in a few years, organisations could potentially be faced with vast numbers of obsolete solid state media devices, which are no longer needed by the business and which could pose a threat if not disposed of safely. Organisations need to start planning now to properly decommission and sanitise their solid state media devices (smartphones, tablets, USB drives, and others) once they have gone out of service. 6 Al Sacco, Six essential Apple iphone security tips, PC World, October 12, 2008, published online at [cited on June 19, 2011] Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 8
9 In December 2010, ENISA (European Network and Information Security Agency) published a paper on smartphone security, outlining the top 10 risks of smartphone usage (for business and personal use) and also made several recommendations for how to counteract the risks. Many of these risks apply to tablet users as well, since the technology and usage of these devices is similar. Some of the top risks identified in the ENISA report include: 7 Data leakage: an attacker successfully accesses the data on a lost or stolen device. Improper decommissioning: the device is disposed of or reassigned to another user without successfully deleting sensitive data stored on the device, allowing this information to fall into the wrong hands. Unintentional data disclosure: Many users are unaware of the privacy settings on the various apps that they use with their devices. Sensitive data might be transmitted via an app, without the knowledge of the user. Phishing: A data thief steals user credentials, passwords or credit card numbers using fake apps, text messages or s that seem credible. Spyware: The device becomes affected by invasive software that is installed by an attacker to access sensitive data by abusing privilege requests. Network spoofing attacks: A data thief creates a rogue network access point to attract users, and then captures the user s communications and sensitive information to carry out additional attacks such as phishing. Surveillance: Spying on a person by using that person s smartphone or tablet device. Diallerware: Stealing money from a person by using malware to exploit premium SMS (text) message services. 7 Dr. Giles Hogben, Dr. Marnix Dekker, ENISA, Smartphones : Information security risks, opportunities and recommendations for users," December 10, 2010, published online at [cited on June 19, 2011] Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 9
10 Financial malware: Malicious software (malware) designed to steal credit card numbers, online banking credentials or subverting online banking or ecommerce transactions. Fortunately, the ENISA report also outlines some key recommendations for how individuals and organisations can minimise the risks of solid state devices. Many of the risks can be mitigated with good security practices and training throughout the organisation. Key recommendations include: 1. Automatic locking: Configure the device so that it locks automatically after a few minutes. This will prevent the device from being easily accessed by a data thief. 2. Check reputation: Prior to installing or using any new apps or services on the smartphone or tablet, make sure to check the reputation of the app being installed. Organisations should also consider creating a whitelist of acceptable apps that employees have permission to install on their work-issued devices, especially if the devices are used to handle sensitive internal data, or if the organisation s internal network is accessible to the devices. 3. Confidentiality: Use memory encryption for the device s memory and any removable media that accompany the device. 4. Special precautions for high ranking officials: When high ranking people within an organisation use mobile solid state media devices, a few extra precautions are needed. The devices of high ranking individuals can be especially valuable to data thieves, as they often contain the most restricted sensitive information that can be most highly damaging to the organisation if it falls into the wrong hands. For these reasons, ENISA recommends the following precautions: Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 10
11 o o o No local data: High ranking officials should not be able to store sensitive data locally on the device. Instead, the users should only be able to access sensitive data online via the organisation s internal network, using a non-caching app. This will limit the exposure of the organisation s most sensitive data, keeping it contained within the company s network, rather than dispersed onto multiple mobile devices. Encryption software: Just as many organisations use encryption to send highly confidential messages, it is also possible to encrypt VOIP calls and SMS (text) messages to protect highly confidential conversations from end-to-end. Periodic reload: Smartphones and tablets may be periodically wiped (using secure deletion) and reloaded with a specially prepared and tested disk image. While this periodic reloading can minimise the amount of sensitive information on the device at any one time while it is being used, the only secure way to sanitise data on the device is done at the point of decommissioning. 5. Decommissioning: Before decommissioning, disposing of or recycling an obsolete or unneeded smartphone or tablet device, apply a thorough memory wipe procedure to the device. One of the most reliable methods to sanitise data from a solid state drive, according to recent research 8, is to fully encrypt the drive s contents, and then delete the corresponding encryption keys from the key store. This results in putting the drive s contents into a permanent mode of encryption, unable to be deciphered or recovered by anyone. The drive can then be physically destroyed using a disintegrator. The biggest challenge of safely decommissioning solid state media devices is that even after an SSD has received a wiping procedure, a certain amount of information from the device can still be restored (with some effort) even without the encryption keys. Encryption keys are also do not provide failsafe security. Many encryption keys have been cracked by hackers, and other encryption keys have back doors that are vulnerable to exploitation. 8 Dan Goodin, Flash drives dangerously hard to purge of sensitive data, The Register, Feb. 21, 2011, published online at [cited on June 17, 2011] Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 11
12 Conclusion Solid state media such as smartphones and tablets are becoming an ever-increasing presence in the daily operations of organisations. With over 100 million smartphones shipping worldwide in 2010, and over 200 million tablets per year expected to ship during 2014, more organisations will need to adapt their security protocols to handle the unique risks of these powerful, portable media. In addition to the security risks posed by such highly portable, versatile devices, one of the principal challenges of these new media is that they are so difficult to securely erase. The traditional methods of securely erasing a hard disk drive (HDD) do not apply to the microchipbased solid state drives (SSDs) that power smartphones, tablets and many laptops. Along with ensuring good security practices while the devices are in use, many organisations will need to re-evaluate their decommissioning and disposal methods. Otherwise, the organisation s secrets may prove to be more portable than anyone had expected. Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 12
13 Company Profile Data protection was something unheard of when the first shredders were introduced in the 1960 s. Starting with the "electronic wastepaper basket" INTIMUS Simplex in 1965 the product range nowadays meets all the requirements imposed with regard to information assurance. It does not only contain devices for the shredding of classical data media, such as print outs, computer lists or even complete folders, but also features machines to destroy information on modern endpoint devices like CDs, floppy disks, Hard Disk Drives and Solid State Media. intimus Security Consulting is a concept to assist organisations worldwide to define, implement and monitor procedures for information security beyond the endpoint. More information is available under The MARTIN YALE GROUP was formed in 2003 by the former individual organisations MARTIN YALE Industries (North America) and Schleicher International (Germany). Today the Group has got an extensive worldwide distribution network with 7 branch offices and over 150 distributors. Contact Details MARTIN YALE GROUP Bergheimer Strasse Markdorf / Germany Tel / (0) / Fax 0049 / (0) / mailto: strunz@martinyale.de Trustworthy Mobile Security for Smartphones, Tablets, etc. - Is there an App for that? 13
Stopping Leaks: How to Confront the Challenges of Endpoint Information Security from HDD. Whitepaper
Stopping Leaks: How to Confront the Challenges of Endpoint Information Security from HDD intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse 6-12 88677 Markdorf / Germany www.intimusconsulting.com
More informationCustomers Trust. Whitepaper
Steps to improve your Data Security and ensure your Customers Trust intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse 6-12 88677 Markdorf / Germany www.intimusconsulting.com
More informationThis policy outlines different requirements for the use of PSDs based on the classification of information.
POLICY OFFICE OF THE INFORMATION COMMISSIONER Use of portable storage devices 1. Purpose A Portable Storage Device (PSD) is a mobile device capable of storing and transferring digital information. Examples
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationChallenges and Solutions for Effective SSD Data Erasure
Challenges and Solutions for Effective SSD Data Erasure Blancco White Paper Published 8 October 2013 First Edition Table of contents Introduction...3 The Simplicity And Complexity Of SSDs...4 Traditional
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationManaging and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS
Managing and Automating Data Erasure for Mobile Devices: STRATEGIES FOR RECYCLERS AND IT ASSET DISPOSAL SPECIALISTS Blancco White Paper Published 14 February 2013 Introduction Advanced mobile devices like
More informationBRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT
BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT www.intivix.com (415) 543 1033 HELP TEAM MEMBERS TO COLLABORATE MORE EASILY FROM ANYWHERE. People are starting to expect the ability to connect
More informationComputer Storage. Computer Technology. (S1 Obj 2-3 and S3 Obj 1-1)
Computer Storage Computer Technology (S1 Obj 2-3 and S3 Obj 1-1) Storage The place in the computer where data is held while it is not needed for processing A storage device is device used to record (store)
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationCourse: Information Security Management in e-governance
Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security
More informationWhy you need. McAfee. Multi Acess PARTNER SERVICES
Why you need McAfee Multi Acess PARTNER SERVICES McAfee Multi Access is an online security app that protects all types of devices. All at once. The simple monthly subscription covers up to five devices
More information-------------------------------------------------------------------------------------------------------------
Fast Facts: On average, around one-third of employees travel regularly for work Just one in three companies, however, prepares for these trips by implementing security guidelines and other measures. This
More informationAVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
More informationBring Your Own Device (BYOD) and Mobile Device Management
Bring Your Own Device (BYOD) and Mobile Device Management Intivix.com (415) 543 1033 PROFESSIONAL IT SERVICES FOR BUSINESSES OF ALL SHAPES AND SIZES People are starting to expect the ability to connect
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationBOYD- Empowering Users, Not Weakening Security
BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public
More informationKeep Hackers Guessing: Protecting Corporate Information While On The Go
Keep Hackers Guessing: Protecting Corporate Information While On The Go Proactive tips for wireless information security for traveling professionals. In today s world where WiFi hotspots are available
More informationSolid-State Drives with Self-Encryption: Solidly Secure
Solid-State Drives with Self-Encryption: Solidly Secure 09/22/2011 Michael Willett Storage Security Strategist SAMSUNG SOLID STATE DRIVES Solid-State Drives SSD ADVANTAGES SOLID STATE DRIVES Save $$ on
More informationBring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com
Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationCOVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name
COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationBring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com
Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationProtecting Data in Decommissioned IT Assets: Factors, Tools and Methods
SECURIS SM Protecting Data in Decommissioned IT Assets: Factors, Tools and Methods Information Systems Security Association (ISSA) Baltimore Chapter Monthly Meeting January 27, 2016 Hugh McLaurin, CSDS
More informationEnterprise Global Security in an era of Hybrid Cloud and Smart Mobile
Enterprise Global Security in an era of Hybrid Cloud and Smart Mobile M. Asif Riaz, CISM, CISSP, CEH Agenda Users are demanding access to applications and services from wherever they are, whenever they
More informationChoose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com
Choose Your Own Device (CYOD) and Mobile Device Management gsolutionz.com Choose Your Own Device (CYOD) and Mobile Device Management 2 gsolutionz.com People are starting to expect the ability to connect
More informationCloud Backup and Recovery for Endpoint Devices
Cloud Backup and Recovery for Endpoint Devices Executive Summary Armed with their own devices and faster wireless speeds, your employees are looking to access corporate data on the move. They are creating,
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationThe Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
More informationSeven Tips for Securing Mobile Workers
Seven Tips for Securing Mobile Workers Sponsored by Sophos Published by Ponemon Institute LLC Ponemon Institute Research Report Seven Tips for Securing Mobile Workers Ponemon Institute, May 2011 Part 1.
More informationComputer Security at Columbia College. Barak Zahavy April 2010
Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a
More informationLearn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationEasiShare Whitepaper - Empowering Your Mobile Workforce
Accessing files on mobile devices and sharing them with external parties presents serious security risks for companies. However, most current solutions are either too cumbersome or not secure enough for
More informationSERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0
SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY
More informationEXECUTIVE SUMMARY Cloud Backup for Endpoint Devices
EXECUTIVE SUMMARY Cloud Backup for Endpoint Devices According to Gartner, by 2015 more than 60% of enterprises will have suffered material loss of sensitive corporate data via mobile devices. Armed with
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationIn 2015, just under half (43%) of the world s population has an Internet connection: 3.2 billion people, compared to 2.9 billion in July 2014.
Contents Introduction... 1 Main findings... 2 Methodology... 3 Section 1. Device usage... 4 Section 2. Online and on the move: Internet activity... 6 Section 3. The connected treasure chest: what is stored
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More informationSimplifying the Challenges of Mobile Device Security
WHITE PAPER Three Steps to Reduce Mobile Device Security Risks Table of Contents Executive Overview 3 Mobile Device Security: 3 Just as Critical as Security for Desktops, Servers, and Networks 3 Find the
More informationThe virtual safe: A user-focused approach to data encryption
The virtual safe: A user-focused approach to data encryption Steganos GmbH, 2008 1 The hard disk: a snapshot of our lives The personal computer has never been more personal. We routinely trust it with
More informationMobile Health Apps 101: A Primer for Consumers. myphr.com
Mobile Health Apps 101: A Primer for Consumers just think APP This guide is designed to help you understand and make educated decisions about using mobile health applications ( app ). When considering
More information7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com
7 VITAL FACTS ABOUT HEALTHCARE BREACHES www.eset.com 7 vital facts about healthcare breaches Essential information for protecting your business and your patients Large breaches of Personal Health Information
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationBYOD AND ME. How cell phone hacking effects your business.! Richard Rigby CEO Wraith Intelligence
BYOD AND ME How cell phone hacking effects your business! Richard Rigby CEO Wraith Intelligence 90% of companies will offer BYOD, or bring-your-own-device options to employees by 2014, according to Gartner.
More informationThe Risks and Rewards of Social Media and Mobile Devices
The Risks and Rewards of Social Media and Mobile Devices October 29-30, 2012 Tony Brooks, CISA Principal & Director of IT Assurance Tony and Brooks, Risk Services CISA, CRISC Partner HORNE - IT LLP Assurance
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationStorage, backup, transfer, encryption of data
Storage, backup, transfer, encryption of data Veerle Van den Eynden UK Data Archive Looking after your research data: practical data management for research projects 5 May 2015 Overview Looking after research
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationMobile Security Standard
Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard
More informationINFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies
INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationWhite Paper. The Principles of Tokenless Two-Factor Authentication
White Paper The Principles of Tokenless Two-Factor Authentication Table of contents Instroduction... 2 What is two-factor authentification?... 2 Access by hardware token... 3 Advantages and disadvantages
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationDigital Consumer s Online Trends and Risks
Digital Consumer s Online Trends and Risks Modern consumers live a full-scale digital life. Their virtual assets like personal photos and videos, work documents, passwords to access social networking and
More informationProtection of Computer Data and Software
April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal
More informationBEST PRACTICE GUIDE TO ENCRYPTION.
BEST PRACTICE GUIDE TO ENCRYPTION. CONTENTS 1. INTRODUCTION...2 Page 2. BEST PRACTICE APPROACHES...3 3. POLICY FIRST TECHNOLOGY SECOND...4 4. FULL DISK ENCRYPTION OR FILE LEVEL ENCRYPTION?...5 5. ENFORCE
More informationRisks and Benefits of the Cloud
Risks and Benefits of the Cloud In recent history there have been constant revolutions in the way personal data is stored and transferred. Today, one does not even need a physical data storage device such
More informationMobile Operating Systems & Security
Mobile Operating Systems & Security How can I protect myself? Operating Systems Android Apple Microsoft What do they do? operate smartphones, tablets, watches and other mobile devices includes touchscreens
More informationONE Mail Direct for Mobile Devices
ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document
More informationSimplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks
Smartphones and tablets are invading the workplace along with the security risks they bring with them. Every day these devices go unchecked by standard vulnerability management processes, even as malware
More informationThe Hidden Dangers of Public WiFi
WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationGuidelines for smart phones, tablets and other mobile devices
Guidelines for smart phones, tablets and other mobile devices Summary Smart phones, tablets and other similar mobile devices are being used increasingly both privately and in organisations. Another emerging
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationMOBILE BANKING USER GUIDE
MOBILE BANKING USER GUIDE CentricBank.com DrCentricBank.com 717.657.7727 Centric Bank does not currently charge a fee for Mobile Banking. However, your mobile phone provider may charge data usage fees
More informationHave you ever accessed
HIPAA and Your Mobile Devices Not taking the appropriate precautions can be very costly. 99 BY MARK TERRY Alexey Poprotskiy Dreamstime.com Have you ever accessed patient data offsite using a laptop computer,
More informationGuadalupe Regional Medical Center
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
More informationData Storage on Mobile Devices Introduction to Computer Security Final Project
Data Storage on Mobile Devices Introduction to Computer Security Final Project Katina Russell Tufts University, Fall 2014 Abstract While people come up with ideas about a mobile application to create,
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationMobile Devices in Healthcare: Managing Risk. June 2012
Mobile Devices in Healthcare: Managing Risk June 2012 1 Table of Contents Introduction 3 Mobile Device Risks 4 Managing Risks and Complexities 5 Emerging Solutions 7 Conclusion 7 References 8 About the
More informationStoring and securing your data
Storing and securing your data Research Data Management Support Services UK Data Service University of Essex April 2014 Overview Looking after research data for the longer-term and protecting them from
More informationSecure Mobile Shredding and. Solutions
Secure Mobile Shredding and Data Erasure Solutions SECURE MOBILE SHREDDING & DATA ERASURE SERVICES... NCE s mobile shredding and data erasure service permanently destroys your data in a secure and controlled
More informationTufts University. COMP116 Introduction to Computer Security. Recovery After Losing the Physical Device
Tufts University COMP116 Introduction to Computer Security Recovery After Losing the Physical Device Dec. 11 th 2014 Author: Haoyang Mao Mentor: Ming Chow 1 Abstract The only truly secure system is one
More informationAppendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management
Appendix 1b DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA Review of Mobile Portable Devices Management DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance
More informationHow To Protect Your Information From Being Hacked By A Hacker
DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate
More informationplatforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential
Best Practices for Smartphone Apps A smartphone is basically a computer that you can carry in the palm of your hand. Like computers, smartphones have operating systems that are often called platforms.
More informationSHS Annual Information Security Training
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
More informationGetting a Secure Intranet
61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationSecurity Solutions for HIPAA Compliance
Security Solutions for HIPAA Compliance www.currentware.com 613-368-4300 info@currentware.com In today s digital and mobile age, the healthcare sector is susceptible to increasing vulnerabilities of exposing
More informationTOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE
TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE TODAY S HIGHLY MOBILE WORKFORCE IS PLACING NEW DEMANDS ON IT TEAMS WHEN PROTECTING LAPTOP DATA To guard this corporate data at
More informationThe Increasing Threat of Malware for Android Devices. 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them
The Increasing Threat of Malware for Android Devices 6 Ways Hackers Are Stealing Your Private Data and How to Stop Them INTRODUCTION If you own a smartphone running the Android operating system, like the
More informationSecure Your Information and Communication Technology Devices
You should pay attention to the following items bef the Internet: Secure Your Information and Communication Technology Devices Install proper anti-virus software P.3 Log on as a user and not as an administrator
More informationENISA s ten security awareness good practices July 09
July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European
More informationSecurity Recommendations for Multifunction Printers Will Urbanski, Virginia Tech IT Security Office and Lab
Security Recommendations for Multifunction Printers Will Urbanski, Virginia Tech IT Security Office and Lab September, 2010 Security Recommendations for Multifunction Printers 2 Overview With the rise
More informationHow One Smart Phone Picture Can Take Down Your Company
SESSION ID: HUM-R04 How One Smart Phone Picture Can Take Down Your Company Dr. Larry Ponemon Chairman and Founder Ponemon Institute @Ponemon Have You Ever Felt Wandering Eyes Over Your Shoulder? Username:
More information1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
More informationMobile phone security. Prof. Do van Thanh
Mobile phone security Prof. Do van Thanh Introduction Why do we need mobile phone security? Is the mobile phone a secure device? The answer is: Yes, but only until recently Indeed malware starts to appear
More informationPortable Devices and Removable Media Acceptable Use Policy v1.0
Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working
More informationHow To Protect Your Smartphone From Attack From A Hacker (For Business)
White paper Mobile security issues in a corporate environment Be Ready for What s Next. Mobile security issues in a corporate environment The smartphone market is accelerating at a rapid rate. According
More informationIEEE CQR 2010 A Holistic Approach to Mobile Security
A Holistic Approach to Mobile Security Khoi Nguyen, Group Product Manager Mobile Security and Management Group Symantec Amber Kick-off Meeting Introduction Khoi Nguyen, Group Product Manager, Mobile Security
More informationEMBRACING THE AGE OF MOBILITY
Embracing The Age Of Mobility & The Byod Workplace buzz-worthy acronym or a workplace trend that will eventually fade; it s part of the complete restructuring of the conventional way we ve worked up to
More informationDestruction and Disposal of Sensitive Data
Destruction and Disposal of Sensitive Data Good Practice Guidelines Version: 3.0 Date: March 2015 1 Copyright 2015, Health and Social Care Information Centre. Contents 1. Introduction 3 1.2 Aims and Objectives
More informationCountering the Threat to the Digital Lifestyle
Encryption and USB Drives: Whitepaper Countering the Threat to the Digital Lifestyle Encryption and USB Drives 8GB of Data 2,000 songs - or your company marketing strategies 2,500 vacation pictures - or
More informationPerception and knowledge of IT threats: the consumer s point of view
Perception and knowledge of IT threats: the consumer s point of view It s hard to imagine life without digital devices, be it a large desktop computer or a smartphone. Modern users are storing some of
More information