Mobile Devices in Healthcare: Managing Risk. June 2012

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Mobile Devices in Healthcare: Managing Risk. June 2012"

Transcription

1 Mobile Devices in Healthcare: Managing Risk June

2 Table of Contents Introduction 3 Mobile Device Risks 4 Managing Risks and Complexities 5 Emerging Solutions 7 Conclusion 7 References 8 About the Author 9 About CHAN HEALTHCARE 10 Key Contacts 10 2

3 Introduction Since the 1876 invention of the telephone, the growth of communication and information collecting devices has continually accelerated. According to internetworldstats.com 2.3 billion of the world s 6.9 billion people were internet users at the end of 2011, reflecting 528% growth over the last decade. Mobile Marketing published an article (April 4th, 2011) on digitalbuzzblog.com, noting that 1.08 billion of the world s four billion mobile phones were Smartphones. They also predicted that mobile internet users (onethird of desktop users in 2007) will surpass desktop internet users in Many parts of our day are made easier with mobile devices. Their application to the work environment has been a natural consequence. Yet in a world where privacy is equally valued, use of mobile technology introduces complexities. In 2011, for the first time, Smartphone and tablet shipments exceeded those of desktop and notebook shipments. To be competitive in our changing world, a business must accommodate all communication channels. Healthcare is no exception. It is a competitive market and healthcare organizations must provide the best technological resources they can afford. According to recent surveys reported by Mobile Health News, Saurage Research and CompTIA, more than 50% of physicians use a Smartphone for work purposes. Inexpensive technology options and more user-friendly devices have allowed usage of these devices to grow quickly. Almost one-third of providers use their Smartphones or tablets to access Electronic Medical Record In 2011, 1,546 million (EMR) and Electronic Health Record (EHR) systems, with an additional mobile devices were 20% expected to start within the next year. Also, 38% of physicians sold, up 11.1 percent with Smartphones use medical applications on a daily basis, with that compared with number increasing to 50% in the next 12 months. The accelerated development of new technology is exciting; however, the growing use of mobile devices and the constant change in technology also brings risk. A high regulatory expectation of patient privacy means healthcare organizations must be constantly aware of security risks and balance high quality patient care with security and privacy. Mobile devices are a phenomenal way to provide high quality care, but it is important to be aware of the major risks and ways to mitigate them. This thought paper will discuss developing business risks and complexities as mobile devices are integrated into operations and share tips on ways to manage security and privacy risks related to these devices. 3

4 Mobile Device Risks A risk by definition is something that can impede the achievement of strategic and business objectives. While developing technology can facilitate better care, it can also quickly put the organization s reputation at risk. Privacy is prized by the public and has resulted in several laws over the last two decades that significantly penalize organizations who do not protect it. The use of mobile devices in healthcare, both hospital and personally owned, presents a number of risks to the security of patient and healthcare information. It is important to be aware of these risks and mitigate them through process design, policy enforcement and controls when possible. The following are some of the key risks related to mobile devices in healthcare: 1. Lack of training and awareness of security procedures and mobile device usage policies. 2. Lost or stolen devices resulting in access to sensitive information including electronic Protected Health Information (ephi). 3. Unauthorized storage of ephi on mobile devices. 4. Unauthorized access and use of devices and the applications and data that reside on them. 5. Lack of proper virus protection and software controls. 6. Installation of unapproved or malicious applications. 7. Jailbreaking of devices resulting in increased risk from malicious software. 8. Use of unsecured wireless networks. These basic risks will continue to grow in the upcoming years due to constant changes in the mobile device market and regulatory environment. New products continue to be released at a rapid pace, and healthcare organizations will continue to enable adoption to stay relevant in a competitive market. Taking appropriate steps to understand the risks can improve the organization s ability to better manage them going forward. The following details can assist healthcare organizations in taking these first steps. 4

5 Managing Risks and Complexities User Training and Awareness Many users of mobile devices are not aware that leaving a device unlocked without a password and then connecting to , company sites, external websites and unsecured wireless networks presents significant risk to the organization. All it really takes is one employee to leave a mobile device open with Electronic Personal Health Information (ephi) on it to cause legal and financial problems for the organization. Policies and access protocols must ensure all users are trained on proper security procedures for using these devices before they are issued or allowed access to the organization s systems. Lost or Stolen Devices Portability is one of the major benefits of using mobile devices. However, from a security perspective, this means devices can be easily misplaced or stolen. It is critical that procedures formalized in the Information Technology (IT) department anticipate lost or stolen devices and provide an appropriate response. Organizations that allow use of personal mobile devices should work with IT to enforce the same security protocols in the event that a personal device is lost or stolen. All employees should be required to agree to these procedures before issuance of a device. All devices should be password protected and encrypted so unauthorized users cannot access any information on the device without proper authorization. It is advisable for IT to have the ability to remote lock and wipe these devices, virtually securing them even in the event they are lost or stolen. Unauthorized Storage Rapid advancement of mobile technology has increased the ability of these devices to store ephi. Maintaining ephi across more tools with mobility increases the likelihood of inappropriate disclosure or theft. Policies that limit storage of ephi to approved platforms should be developed and communicated to all employees. The IT Department should also work to deploy available technological resources to prevent storage on these devices, whenever possible. The technologies used can include tools that limit the types of information stored on the device, prevent all device storage, or limit the types of software used on the device. Unauthorized Access and Use of Devices In the past inappropriate access to information was protected by a door, a private desk and a computer password. Mobile devices remove two of these barriers and greatly increase the need for a clear security policy and enforcement processes. Strict password protection and encryption of physical storage on the devices are minimums. All organization-owned devices should be configured to have both password controls and encryption enforced through security policies, or through the use of other mobile device management software. Mobile device management software provides better control for devices that are connected to company resources, enhances security of devices and allows for managing Mobile Device Management (MDM) Software MDM software is used to track mobile devices being used on-site, control devices which access network data and typically provides the ability to push out security setting policies. Many applications claim to provide these services, top names include, Boxtone, Apperian, Odyssey Software, Maas360, and MobileIron. However, MDM Software should always be acquired based on the unique needs of the environment. multiple types of devices with one product. However, many users connect their own personal devices to check company and access other resources. It is important to configure all settings to require these devices abide by the company security policy as well. As devices multiply their management becomes more complicated, however mobile device management solutions are rapidly evolving as well. 5

6 Managing Risks and Complexities, continued Lack of Proper Virus Protection and Software Controls As capabilities of mobile devices expand, so does the capacity to spread viruses. It should be standard practice to install virus protection on all devices that are connecting to a hospital network in any way. Without virus protection, there is a risk that mobile devices can infect the network, leading to loss of systems, breached data and privacy concerns. Policies regarding virus protection and software controls should be regularly communicated to all employees. Only four percent of Smartphones and tablet computers shipped in 2010 had some form of mobile security downloaded and installed. Unauthorized or Malicious Applications If you have downloaded an application onto a mobile device through an iphone, Blackberry, or Android, you are familiar with the warnings regarding what the downloaded application will be able to see and do on the device. Typical warnings include access to contacts, , phone status, network usage and more. For hospital-owned mobile devices, installing any unauthorized application brings additional risk. Written and programmatic policies should be employed to prevent installation of unauthorized software. For example, mobile device management software can help enforce corporate policies regarding applications through the use of application whitelists for approved applications and blacklists for applications that should not be installed. More advanced features and the ability to deploy applications can be provided through the use of mobile device management software. Jailbreaking Jailbreaking is a term used for hacking a mobile device and freeing it from restrictions and controls imposed by the device manufacturer or mobile device service provider. Jailbreaking provides users and applications with administrator-like privileges to the device and the data stored on the device. Websites and software specific for jailbreaking mobile devices are widely available on the internet and through application markets. Mobile device policies should clearly prevent users from jailbreaking any hospital-owned mobile device or using any personally owned device that has been jailbroken to access hospital , networks, data or applications. To enforce this policy, mobile device management software should be deployed. Unsecured Wireless Networks Unsecured, or open, Wi-Fi networks do not require the use of authentication controls (passwords) and do not use encryption to prevent the capture and eavesdropping of unsecured network traffic. Even the use of some secure Wi-Fi networks (requiring authentication) like Wired Equivalent Privacy (WEP) present risk, as there are existing tools and techniques to break WEP keys. To protect traffic between an end user s device and a hospital s network, an encrypted Virtual Private Network (VPN) should be used along with the use of Secure Socket Layer (SSL) encryption for all web-based resources and . Policy should enforce such an approach. Less than one in 20 Smartphones and tablets have third-party security software installed in them, despite a steady increase in threats. 6

7 Emerging Solutions Solutions and software to manage mobile devices change as quickly as the devices. Many companies currently have systems that allow for some security to be managed on their devices. However, many standard security settings do not provide full mobile device management for any type of device that connects to the hospital network. As technology continues to evolve, there will be many options available to manage devices. While all products have their advantages and disadvantages, it is important to remember that there are many different types of devices with different security configurations. When choosing what works best for your organization, it is important to consider a self-inventory of the risks present with these devices and the controls needed to mitigate them. Assessing your current mobile device management processes with a few key risk questions like the ones below can get you started. Remember to include key stakeholders from all areas of your organization to help find the right solution. 25% of health care providers surveyed use tablets at their practice, while another 21% expect to do so in the next 12 months. 1. Do you have an inventory of all mobile devices used within business operations? 2. Do you have a security policy that covers use of mobile devices? If so, which has been effectively communicated? 3. Is your security policy enabled by technology to track and enforce security standards? 4. Is there a defined approval process for granting mobile devices access? 5. Do processes exist to determine that all devices have appropriate security settings? 6. Does the organization have the ability to delete data if devices are lost or stolen? Conclusion The use of mobile devices will continue to grow and the changing security landscape of these devices will always make them a security concern, specifically in a privacy conscious healthcare environment. Healthcare organizations must continually review the risks of mobile devices in their facilities and update policies and procedures regularly. Mobile device management and security should always be a formal part of the comprehensive data access and security plan. These devices are designed to help employees increase efficiency and provide a better patient experience. A strong foundation for mobile device security can help to achieve the ideal intended uses. The healthcare organization should always set the tone that security of these devices should be a primary objective for everyone. Constant education and user awareness can help to prevent problems in the future. If managed properly and securely, these devices will continue to be a benefit to the organization. 7

8 References CompTIA. CompTIA. N.p., n.d. Web. 15 May Canalys Insight. Innovation. Impact. Canalys Insight. Innovation. Impact. N.p., n.d. Web. 15 May Department of Health and Human Services. DHHS. N.p., n.d. Web. 15 May hhs.gov. Dolan, Brian. mobihealthnews. mobihealthnews. N.p., n.d. Web. 15 May mobihealthnews.com. Hepburn, Aden. Infographic: Mobile Statistics, Stats & Facts 2011 Digital Buzz Blog. Digital Buzz Blog Digital Campaigns, Online Marketing, Social & More. N.p., Web. 4 Apr digitalbuzzblog.com HIMSS (Healthcare Information and Management Systems Society). HIMSS (Healthcare Information and Management Systems Society). N.p., n.d. Web. 15 May Home mobithinking. Home mobithinking. N.p., n.d. Web. 15 May IDC Home: The premier global market intelligence firm. IDC Home: The premier global market intelligence firm. N.p., n.d. Web. 15 May ISACA. ISACA. N.p., n.d. Web. 15 May Marketing Research Firm Branding Strategies & Competitor Analysis Saurage Marketing Research. Marketing Research Firm Branding Strategies & Competitor Analysis Saurage Marketing Research. N.p., n.d. Web. 15 May Online Marketing Agency - Minneapolis, MN Spyder Trap Online Marketing. Online Marketing Agency - Minneapolis, MN Spyder Trap Online Marketing. N.p., n.d. Web. 15 May spydertrap.com. Predictive Analysis Intelligent Analysis Strategic Market Research Strategy Analytics. Predictive Analysis Intelligent Analysis Strategic Market Research Strategy Analytics. N.p., n.d. Web. 15 May

9 About the Author Jeff Good is a Certified Information Systems Auditor and holds a Bachelor of Science degree in Computer Management (Information Systems) from Eastern Illinois University. Mr. Good has worked in the Information Technology (IT) Area for over 10 years and serves in CHAN HEALTHCARE s IT Audit Practice. His audits have covered several health systems and provide a solid industry perspective. Mr. Good participates in client risk assessments and system implementation reviews to help clients to identify weaknesses in their most critical areas. Through these projects he has provided clients with detailed issues and action plans to help strengthen internal controls in many critical hospital areas. Prior to joining CHAN HEALTHCARE, Mr. Good worked at a professional firm in an IT Risk Advisory Services Practice serving many different clients and industries. 9

10 About CHAN HEALTHCARE CHAN HEALTHCARE was the first and remains the only company in the United States focused exclusively on providing internal audit and consulting services to the healthcare industry. CHAN HEALTHCARE has implemented internal audit and consulting services at more than 25 healthcare networks, with ongoing operations in over 700 healthcare facilities nationwide. Our 320+ Associates represent CHAN HEALTHCARE to provide independent assurance that business risks and opportunities are identified and managed from implementing our Client Value Model to providing services in Coding, Compliance, Information Technology, Data Analytics, and Governance education. Find out more about CHAN HEALTHCARE at or call Key Contacts Dan Clayton Director of Knowledge Management CHAN HEALTHCARE Sarah Edwards Chief Communications Officer CHAN HEALTHCARE Copyright 2012 CHAN HEALTHCARE LLC. All rights reserved. 10

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

Samsung Mobile Security

Samsung Mobile Security Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise

More information

The Risks and Rewards of Social Media and Mobile Devices

The Risks and Rewards of Social Media and Mobile Devices The Risks and Rewards of Social Media and Mobile Devices October 29-30, 2012 Tony Brooks, CISA Principal & Director of IT Assurance Tony and Brooks, Risk Services CISA, CRISC Partner HORNE - IT LLP Assurance

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA

More information

CDW PARTNER REVIEW GUIDE MOBILE DEVICE MANAGEMENT

CDW PARTNER REVIEW GUIDE MOBILE DEVICE MANAGEMENT CDW PARTNER REVIEW GUIDE MOBILE DEVICE MANAGEMENT GETTING CONTROL OF MOBILITY IN THE MARKET In a 2011 IDC study, IT decision-makers report that, on average, 34 percent of their employees access business

More information

Securing Health Data in a BYOD World

Securing Health Data in a BYOD World BUSINESS WHITE PAPER Securing Health Data in a BYOD World Five strategies to minimize risk Securing Health Data in a BYOD World Table of Contents 2 Introduction 3 BYOD adoption drivers 4 BYOD security

More information

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Bring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com

Bring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks

More information

Mobile Device Usage Standards (Phones, Smart Phones, Tablets, Laptops)

Mobile Device Usage Standards (Phones, Smart Phones, Tablets, Laptops) Mobile Device Usage Standards (Phones, Smart Phones, Tablets, Laptops) 1. Purpose Banner encourages the business use of Mobile Devices by employees as productivity enhancement tools. The purpose of this

More information

A guide to enterprise mobile device management.

A guide to enterprise mobile device management. WHITEPAPER A guide to enterprise Beyond expectation. www.azzurricommunications.co.uk Introduction. As smartphones and tablets proliferate in the enterprise, IT leaders are under pressure to implement an

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

Choose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com

Choose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com Choose Your Own Device (CYOD) and Mobile Device Management gsolutionz.com Choose Your Own Device (CYOD) and Mobile Device Management 2 gsolutionz.com People are starting to expect the ability to connect

More information

Mobility, Security Concerns, and Avoidance

Mobility, Security Concerns, and Avoidance By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

Mobile Device Management for CFAES

Mobile Device Management for CFAES Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are

More information

Back to the Future: Securing your Unwired Enterprise

Back to the Future: Securing your Unwired Enterprise Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has

More information

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones

More information

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES White paper 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING PHI ON PORTABLE DEVICES 2016 SecurityMetrics 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES 1 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING

More information

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an

More information

Security and Compliance challenges in Mobile environment

Security and Compliance challenges in Mobile environment Security and Compliance challenges in Mobile environment Emerging Technologies November 19, 2013 Bob Bastani Introductions Bob Bastani, Security & Compliance Program Manager, IBM, 301-803-6078, bbastani@us.ibm.com

More information

Insert Partner logo here. Financial Mobility Balancing Security and Success

Insert Partner logo here. Financial Mobility Balancing Security and Success Financial Mobility Balancing Security and Success Copyright 2012 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink.

More information

Bring Your Own Device (BYOD) and Mobile Device Management

Bring Your Own Device (BYOD) and Mobile Device Management Bring Your Own Device (BYOD) and Mobile Device Management Intivix.com (415) 543 1033 PROFESSIONAL IT SERVICES FOR BUSINESSES OF ALL SHAPES AND SIZES People are starting to expect the ability to connect

More information

BYOD Policy Implementation Guide. BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment

BYOD Policy Implementation Guide. BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment BYOD Policy Implementation Guide BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment We won t bore you with the typical overview that speaks to the

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT

BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT www.intivix.com (415) 543 1033 HELP TEAM MEMBERS TO COLLABORATE MORE EASILY FROM ANYWHERE. People are starting to expect the ability to connect

More information

Healthcare Buyers Guide: Mobile Device Management

Healthcare Buyers Guide: Mobile Device Management Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient

More information

White Paper: The Current State of BYOD

White Paper: The Current State of BYOD CTOlabs.com White Paper: The Current State of BYOD May 2012 A White Paper providing context and guidance you can use Inside: Snapshot of a fast moving trend Summary of recent surveys Considerations for

More information

Emerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us

Emerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us Emerging threats for the healthcare industry: The BYOD Revolution By Luca Sambucci www.deepsecurity.us Copyright 2013 Emerging threats for the healthcare industry: The BYOD REVOLUTION Copyright 2013 Luca

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program

More information

Adams County, Colorado

Adams County, Colorado Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents

More information

IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity

More information

Use of tablet devices in NHS environments: Good Practice Guideline

Use of tablet devices in NHS environments: Good Practice Guideline Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood

More information

Mobile Device Security Is there an app for that?

Mobile Device Security Is there an app for that? Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach

More information

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012 BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.

More information

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Auditing the Security and Management of Smart Devices ISACA Dallas Meeting

More information

SAS Mobile BI Security and the Mobile Device

SAS Mobile BI Security and the Mobile Device SAS Mobile BI Security and the Mobile Device Version 1.0 April 24, 2015 Contents Introduction...1 Security Features Provided by SAS Mobile BI and SAS Visual Analytics...2 Introduction... 2 Lock the SAS

More information

Use Bring-Your-Own-Device Programs Securely

Use Bring-Your-Own-Device Programs Securely Use Bring-Your-Own-Device Programs Securely By Dale Gonzalez December 2012 Bring-your-own-device (BYOD) programs, which allow employees to use their personal smartphones, tablets and laptops in and out

More information

White Paper. Data Security. The Top Threat Facing Enterprises Today

White Paper. Data Security. The Top Threat Facing Enterprises Today White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is

More information

Empowering BYOD and Mobile Security in the Enterprise. Jeff Baum, APAC Managing Director

Empowering BYOD and Mobile Security in the Enterprise. Jeff Baum, APAC Managing Director Empowering BYOD and Mobile Security in the Enterprise Jeff Baum, APAC Managing Director Growth of Mobile Mobile worker population will reach 1.3 Billion in 2015 Source: IDC Worldwide Mobile Worker Population

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

Securing Critical Corporate Data in a Mobile World

Securing Critical Corporate Data in a Mobile World Page 2 of 14 Securing Critical Corporate Data in a Mobile World Page 3 of 14 Table of Contents 1 Mobile is the New Normal... 4 1.1 The Critical Importance of Mobile Security... 4 1.2 Mobile Security Challenges...

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?

More information

Symantec Mobile Management 7.1

Symantec Mobile Management 7.1 Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any

More information

Putting Operators at the Centre of

Putting Operators at the Centre of Putting Operators at the Centre of Enterprise Mobile Security Introduction Small and Medium Enterprises make up the majority of firms and employees in all major economies, yet are largely unidentified

More information

Windows Phone 8.1 in the Enterprise

Windows Phone 8.1 in the Enterprise Windows Phone 8.1 in the Enterprise Version 1.4 MobileIron 415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 info@mobileiron.com Introduction 3 Why Windows

More information

HELPFUL TIPS: MOBILE DEVICE SECURITY

HELPFUL TIPS: MOBILE DEVICE SECURITY HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information

More information

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely

More information

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future

More information

Don t Let A Security Breach Put You Out of Business

Don t Let A Security Breach Put You Out of Business Don t Let A Security Breach Put You Out of Business Committed to providing you with the most innovative security and privacy solutions. www.boomtechit.com Bring Your Own Device (BYOD) and Mobile Device

More information

Five Steps to Android Readiness

Five Steps to Android Readiness Five Steps to Android Readiness Android State of the Union Ready or not, Android is coming to the enterprise. The rise of Google s Android operating system has ushered a new wave of mobile devices and

More information

Mobile Security & BYOD Policy

Mobile Security & BYOD Policy Mobile Security & BYOD Policy Sarkis Daglian Assistant Manager, Desktop Support Office of Information Technology Isaac Straley UCI Information Security Officer Office of Information Technology Speakers

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise

Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise Jan Wiewiora White Paper Introduction Users are increasingly relying on smartphones and tablets for work. Recent

More information

Control Issues and Mobile Devices

Control Issues and Mobile Devices Control Issues and Mobile Devices ACC 626 Term Paper Ramandip Kaur June 27, 2014 Page Table of Contents Executive Summary...ii 1.0 Introduction... 1 2.0 Current Trends... 1 2.1 Employee Owned Devices and

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Session 125: A Health IT Executive s Guide To BYOD Management

Session 125: A Health IT Executive s Guide To BYOD Management Session 125: A Health IT Executive s Guide To BYOD Management Ken Congdon, Editor In Chief, Healthcare Technology Online (DISCLAIMER: The views and opinions expressed in this presentation are those of

More information

Best practices for mobile data protection

Best practices for mobile data protection E-Guide Best practices for mobile data protection This expert e-guide presents five essential best practices for securing employee-liable mobile devices and tablets that will allow you to safely embrace

More information

Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense

Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense SAP White Paper SAP Partner Organization Mobile Device Management Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense Table of Content 4 Mobile Device

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera

Manage and Secure the Mobile Data, Not Just the Device. Stijn Paumen VP Business Development, Wandera Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000

More information

IT Resource Management & Mobile Data Protection vs. User Empowerment

IT Resource Management & Mobile Data Protection vs. User Empowerment Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity

More information

Mobile Security Standard

Mobile Security Standard Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard

More information

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9 Page 1 of 9 TITLE: INFORMATION SECURITY: DEVICE AND MEDIA CONTROLS POLICY: Reasonable steps are taken to protect, account for, properly store, back up, encrypt and dispose of hardware, paper and electronic

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations

Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside ü Tips for deploying or expanding BYOD programs while remaining

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Athena Mobile Device Management from Symantec

Athena Mobile Device Management from Symantec Athena Mobile Device Management from Symantec Scalable, Secure, and Integrated Device Management for ios and Android Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile

More information

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS Mobility is no longer a trend it s how business gets done. With employees using multiple mobile devices and the availability

More information

How Technology Executives are Managing the Shift to BYOD

How Technology Executives are Managing the Shift to BYOD A UBM TECHWEB WHITE PAPER SEPTEMBER 2012 How Technology Executives are Managing the Shift to BYOD An analysis of the benefits and hurdles of enabling employees to use their own consumer devices in the

More information

Mobile Security BYOD and Consumer Apps

Mobile Security BYOD and Consumer Apps Mobile Security BYOD and Consumer Apps Adam Shnider, Managing Director, Coalfire October 16, 2012 Agenda I. The Mobile World - Trends I. Mobile devices - threats and risks I. BYOD Security Top Five I.

More information

Bring Your Own Device Mobile Security

Bring Your Own Device Mobile Security Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.

More information

Mobile First Government

Mobile First Government Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,

More information

Guidelines. I. Purpose. A. Ownership and Responsibilities

Guidelines. I. Purpose. A. Ownership and Responsibilities MDM Guidelines I. Purpose The purpose of these guidelines is to establish mobile device management standards for securing college owned mobile devices. College owned devices are defined as any smart device

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

WHITE PAPER. The CIO s guide. management

WHITE PAPER. The CIO s guide. management WHITE PAPER The CIO s guide to building a mobile device management strategy and how to execute on it Executive Summary The explosive growth of employee mobility is driving the rapid adoption of mobile

More information

BYOD AND ME. How cell phone hacking effects your business.! Richard Rigby CEO Wraith Intelligence

BYOD AND ME. How cell phone hacking effects your business.! Richard Rigby CEO Wraith Intelligence BYOD AND ME How cell phone hacking effects your business! Richard Rigby CEO Wraith Intelligence 90% of companies will offer BYOD, or bring-your-own-device options to employees by 2014, according to Gartner.

More information

BYOD and Mobile Device Dependency

BYOD and Mobile Device Dependency BYOD and Mobile Device Dependency Thursday, November 8, 2012 Brian Thomas, CISA, CISSP & Shohn Trojacek, CISSP Brian Thomas, CISA, CISSP Partner, IT Advisory Services at Weaver Provides security, IT audit

More information

Audit Report. Mobile Device Security

Audit Report. Mobile Device Security Audit Report Mobile Device Security A-14-14-14051 September 2014 MEMORANDUM Date: September 26, 2014 Refer To: To: From: The Commissioner Inspector General Subject: Mobile Device Security (A-14-14-14051)

More information

How to Successfully Roll Out an Android BYOD Program

How to Successfully Roll Out an Android BYOD Program How to Successfully Roll Out an Android BYOD Program Nathan Steuer, Director of Mobility Solutions Ann Marie Cullen, Advisory Services Manager Global Computing Platform Market Share! 1Billion! Android

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

New Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices. September 25, 2013

New Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices. September 25, 2013 New Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices September 25, 2013 The Hartford Insuring Innovation Joe Coray Dan Silverman Providing insurance solutions

More information

Three Best Practices to Help Government Agencies Overcome BYOD Challenges

Three Best Practices to Help Government Agencies Overcome BYOD Challenges WHITE PAPER This paper discusses how IT managers in government can address the challenges of the new Bring-Your-Own-Device (BYOD) environment as well as best practices for ensuring security and productivity.

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved

More information

BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE

BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE INTRODUCTION The technological revolution has made us dependent on our mobile devices, whether we re at home, in the office, on the go or anywhere

More information

Electronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security

Electronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security Electronic Communication In Your Practice How To Use Email & Mobile Devices While Maintaining Compliance & Security Agenda 1 HIPAA and Electronic Communication 2 3 4 Using Email In Your Practice Mobile

More information

REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS

REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS Author: Dilip Chatulingath A RapidValue Solutions Whitepaper Contents Mobilizing healthcare applications 01 Security concerns and challenges

More information

Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility. www.maas360.

Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility. www.maas360. MaaS360.com > White Paper Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation.

More information

Mobile Device Security

Mobile Device Security Mobile Device Security Presented by Kelly Wilson Manager of Information Security, LCF Research New Mexico Health Information Collaborative (NMHIC) and the New Mexico Health Information Technology Regional

More information

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents

More information

Addressing NIST and DOD Requirements for Mobile Device Management

Addressing NIST and DOD Requirements for Mobile Device Management Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW

More information