Mobile Devices in Healthcare: Managing Risk. June 2012
|
|
- Rafe Terry
- 8 years ago
- Views:
Transcription
1 Mobile Devices in Healthcare: Managing Risk June
2 Table of Contents Introduction 3 Mobile Device Risks 4 Managing Risks and Complexities 5 Emerging Solutions 7 Conclusion 7 References 8 About the Author 9 About CHAN HEALTHCARE 10 Key Contacts 10 2
3 Introduction Since the 1876 invention of the telephone, the growth of communication and information collecting devices has continually accelerated. According to internetworldstats.com 2.3 billion of the world s 6.9 billion people were internet users at the end of 2011, reflecting 528% growth over the last decade. Mobile Marketing published an article (April 4th, 2011) on digitalbuzzblog.com, noting that 1.08 billion of the world s four billion mobile phones were Smartphones. They also predicted that mobile internet users (onethird of desktop users in 2007) will surpass desktop internet users in Many parts of our day are made easier with mobile devices. Their application to the work environment has been a natural consequence. Yet in a world where privacy is equally valued, use of mobile technology introduces complexities. In 2011, for the first time, Smartphone and tablet shipments exceeded those of desktop and notebook shipments. To be competitive in our changing world, a business must accommodate all communication channels. Healthcare is no exception. It is a competitive market and healthcare organizations must provide the best technological resources they can afford. According to recent surveys reported by Mobile Health News, Saurage Research and CompTIA, more than 50% of physicians use a Smartphone for work purposes. Inexpensive technology options and more user-friendly devices have allowed usage of these devices to grow quickly. Almost one-third of providers use their Smartphones or tablets to access Electronic Medical Record In 2011, 1,546 million (EMR) and Electronic Health Record (EHR) systems, with an additional mobile devices were 20% expected to start within the next year. Also, 38% of physicians sold, up 11.1 percent with Smartphones use medical applications on a daily basis, with that compared with number increasing to 50% in the next 12 months. The accelerated development of new technology is exciting; however, the growing use of mobile devices and the constant change in technology also brings risk. A high regulatory expectation of patient privacy means healthcare organizations must be constantly aware of security risks and balance high quality patient care with security and privacy. Mobile devices are a phenomenal way to provide high quality care, but it is important to be aware of the major risks and ways to mitigate them. This thought paper will discuss developing business risks and complexities as mobile devices are integrated into operations and share tips on ways to manage security and privacy risks related to these devices. 3
4 Mobile Device Risks A risk by definition is something that can impede the achievement of strategic and business objectives. While developing technology can facilitate better care, it can also quickly put the organization s reputation at risk. Privacy is prized by the public and has resulted in several laws over the last two decades that significantly penalize organizations who do not protect it. The use of mobile devices in healthcare, both hospital and personally owned, presents a number of risks to the security of patient and healthcare information. It is important to be aware of these risks and mitigate them through process design, policy enforcement and controls when possible. The following are some of the key risks related to mobile devices in healthcare: 1. Lack of training and awareness of security procedures and mobile device usage policies. 2. Lost or stolen devices resulting in access to sensitive information including electronic Protected Health Information (ephi). 3. Unauthorized storage of ephi on mobile devices. 4. Unauthorized access and use of devices and the applications and data that reside on them. 5. Lack of proper virus protection and software controls. 6. Installation of unapproved or malicious applications. 7. Jailbreaking of devices resulting in increased risk from malicious software. 8. Use of unsecured wireless networks. These basic risks will continue to grow in the upcoming years due to constant changes in the mobile device market and regulatory environment. New products continue to be released at a rapid pace, and healthcare organizations will continue to enable adoption to stay relevant in a competitive market. Taking appropriate steps to understand the risks can improve the organization s ability to better manage them going forward. The following details can assist healthcare organizations in taking these first steps. 4
5 Managing Risks and Complexities User Training and Awareness Many users of mobile devices are not aware that leaving a device unlocked without a password and then connecting to , company sites, external websites and unsecured wireless networks presents significant risk to the organization. All it really takes is one employee to leave a mobile device open with Electronic Personal Health Information (ephi) on it to cause legal and financial problems for the organization. Policies and access protocols must ensure all users are trained on proper security procedures for using these devices before they are issued or allowed access to the organization s systems. Lost or Stolen Devices Portability is one of the major benefits of using mobile devices. However, from a security perspective, this means devices can be easily misplaced or stolen. It is critical that procedures formalized in the Information Technology (IT) department anticipate lost or stolen devices and provide an appropriate response. Organizations that allow use of personal mobile devices should work with IT to enforce the same security protocols in the event that a personal device is lost or stolen. All employees should be required to agree to these procedures before issuance of a device. All devices should be password protected and encrypted so unauthorized users cannot access any information on the device without proper authorization. It is advisable for IT to have the ability to remote lock and wipe these devices, virtually securing them even in the event they are lost or stolen. Unauthorized Storage Rapid advancement of mobile technology has increased the ability of these devices to store ephi. Maintaining ephi across more tools with mobility increases the likelihood of inappropriate disclosure or theft. Policies that limit storage of ephi to approved platforms should be developed and communicated to all employees. The IT Department should also work to deploy available technological resources to prevent storage on these devices, whenever possible. The technologies used can include tools that limit the types of information stored on the device, prevent all device storage, or limit the types of software used on the device. Unauthorized Access and Use of Devices In the past inappropriate access to information was protected by a door, a private desk and a computer password. Mobile devices remove two of these barriers and greatly increase the need for a clear security policy and enforcement processes. Strict password protection and encryption of physical storage on the devices are minimums. All organization-owned devices should be configured to have both password controls and encryption enforced through security policies, or through the use of other mobile device management software. Mobile device management software provides better control for devices that are connected to company resources, enhances security of devices and allows for managing Mobile Device Management (MDM) Software MDM software is used to track mobile devices being used on-site, control devices which access network data and typically provides the ability to push out security setting policies. Many applications claim to provide these services, top names include, Boxtone, Apperian, Odyssey Software, Maas360, and MobileIron. However, MDM Software should always be acquired based on the unique needs of the environment. multiple types of devices with one product. However, many users connect their own personal devices to check company and access other resources. It is important to configure all settings to require these devices abide by the company security policy as well. As devices multiply their management becomes more complicated, however mobile device management solutions are rapidly evolving as well. 5
6 Managing Risks and Complexities, continued Lack of Proper Virus Protection and Software Controls As capabilities of mobile devices expand, so does the capacity to spread viruses. It should be standard practice to install virus protection on all devices that are connecting to a hospital network in any way. Without virus protection, there is a risk that mobile devices can infect the network, leading to loss of systems, breached data and privacy concerns. Policies regarding virus protection and software controls should be regularly communicated to all employees. Only four percent of Smartphones and tablet computers shipped in 2010 had some form of mobile security downloaded and installed. Unauthorized or Malicious Applications If you have downloaded an application onto a mobile device through an iphone, Blackberry, or Android, you are familiar with the warnings regarding what the downloaded application will be able to see and do on the device. Typical warnings include access to contacts, , phone status, network usage and more. For hospital-owned mobile devices, installing any unauthorized application brings additional risk. Written and programmatic policies should be employed to prevent installation of unauthorized software. For example, mobile device management software can help enforce corporate policies regarding applications through the use of application whitelists for approved applications and blacklists for applications that should not be installed. More advanced features and the ability to deploy applications can be provided through the use of mobile device management software. Jailbreaking Jailbreaking is a term used for hacking a mobile device and freeing it from restrictions and controls imposed by the device manufacturer or mobile device service provider. Jailbreaking provides users and applications with administrator-like privileges to the device and the data stored on the device. Websites and software specific for jailbreaking mobile devices are widely available on the internet and through application markets. Mobile device policies should clearly prevent users from jailbreaking any hospital-owned mobile device or using any personally owned device that has been jailbroken to access hospital , networks, data or applications. To enforce this policy, mobile device management software should be deployed. Unsecured Wireless Networks Unsecured, or open, Wi-Fi networks do not require the use of authentication controls (passwords) and do not use encryption to prevent the capture and eavesdropping of unsecured network traffic. Even the use of some secure Wi-Fi networks (requiring authentication) like Wired Equivalent Privacy (WEP) present risk, as there are existing tools and techniques to break WEP keys. To protect traffic between an end user s device and a hospital s network, an encrypted Virtual Private Network (VPN) should be used along with the use of Secure Socket Layer (SSL) encryption for all web-based resources and . Policy should enforce such an approach. Less than one in 20 Smartphones and tablets have third-party security software installed in them, despite a steady increase in threats. 6
7 Emerging Solutions Solutions and software to manage mobile devices change as quickly as the devices. Many companies currently have systems that allow for some security to be managed on their devices. However, many standard security settings do not provide full mobile device management for any type of device that connects to the hospital network. As technology continues to evolve, there will be many options available to manage devices. While all products have their advantages and disadvantages, it is important to remember that there are many different types of devices with different security configurations. When choosing what works best for your organization, it is important to consider a self-inventory of the risks present with these devices and the controls needed to mitigate them. Assessing your current mobile device management processes with a few key risk questions like the ones below can get you started. Remember to include key stakeholders from all areas of your organization to help find the right solution. 25% of health care providers surveyed use tablets at their practice, while another 21% expect to do so in the next 12 months. 1. Do you have an inventory of all mobile devices used within business operations? 2. Do you have a security policy that covers use of mobile devices? If so, which has been effectively communicated? 3. Is your security policy enabled by technology to track and enforce security standards? 4. Is there a defined approval process for granting mobile devices access? 5. Do processes exist to determine that all devices have appropriate security settings? 6. Does the organization have the ability to delete data if devices are lost or stolen? Conclusion The use of mobile devices will continue to grow and the changing security landscape of these devices will always make them a security concern, specifically in a privacy conscious healthcare environment. Healthcare organizations must continually review the risks of mobile devices in their facilities and update policies and procedures regularly. Mobile device management and security should always be a formal part of the comprehensive data access and security plan. These devices are designed to help employees increase efficiency and provide a better patient experience. A strong foundation for mobile device security can help to achieve the ideal intended uses. The healthcare organization should always set the tone that security of these devices should be a primary objective for everyone. Constant education and user awareness can help to prevent problems in the future. If managed properly and securely, these devices will continue to be a benefit to the organization. 7
8 References CompTIA. CompTIA. N.p., n.d. Web. 15 May Canalys Insight. Innovation. Impact. Canalys Insight. Innovation. Impact. N.p., n.d. Web. 15 May Department of Health and Human Services. DHHS. N.p., n.d. Web. 15 May hhs.gov. Dolan, Brian. mobihealthnews. mobihealthnews. N.p., n.d. Web. 15 May mobihealthnews.com. Hepburn, Aden. Infographic: Mobile Statistics, Stats & Facts 2011 Digital Buzz Blog. Digital Buzz Blog Digital Campaigns, Online Marketing, Social & More. N.p., Web. 4 Apr digitalbuzzblog.com HIMSS (Healthcare Information and Management Systems Society). HIMSS (Healthcare Information and Management Systems Society). N.p., n.d. Web. 15 May Home mobithinking. Home mobithinking. N.p., n.d. Web. 15 May IDC Home: The premier global market intelligence firm. IDC Home: The premier global market intelligence firm. N.p., n.d. Web. 15 May ISACA. ISACA. N.p., n.d. Web. 15 May Marketing Research Firm Branding Strategies & Competitor Analysis Saurage Marketing Research. Marketing Research Firm Branding Strategies & Competitor Analysis Saurage Marketing Research. N.p., n.d. Web. 15 May Online Marketing Agency - Minneapolis, MN Spyder Trap Online Marketing. Online Marketing Agency - Minneapolis, MN Spyder Trap Online Marketing. N.p., n.d. Web. 15 May spydertrap.com. Predictive Analysis Intelligent Analysis Strategic Market Research Strategy Analytics. Predictive Analysis Intelligent Analysis Strategic Market Research Strategy Analytics. N.p., n.d. Web. 15 May
9 About the Author Jeff Good is a Certified Information Systems Auditor and holds a Bachelor of Science degree in Computer Management (Information Systems) from Eastern Illinois University. Mr. Good has worked in the Information Technology (IT) Area for over 10 years and serves in CHAN HEALTHCARE s IT Audit Practice. His audits have covered several health systems and provide a solid industry perspective. Mr. Good participates in client risk assessments and system implementation reviews to help clients to identify weaknesses in their most critical areas. Through these projects he has provided clients with detailed issues and action plans to help strengthen internal controls in many critical hospital areas. Prior to joining CHAN HEALTHCARE, Mr. Good worked at a professional firm in an IT Risk Advisory Services Practice serving many different clients and industries. 9
10 About CHAN HEALTHCARE CHAN HEALTHCARE was the first and remains the only company in the United States focused exclusively on providing internal audit and consulting services to the healthcare industry. CHAN HEALTHCARE has implemented internal audit and consulting services at more than 25 healthcare networks, with ongoing operations in over 700 healthcare facilities nationwide. Our 320+ Associates represent CHAN HEALTHCARE to provide independent assurance that business risks and opportunities are identified and managed from implementing our Client Value Model to providing services in Coding, Compliance, Information Technology, Data Analytics, and Governance education. Find out more about CHAN HEALTHCARE at or call Key Contacts Dan Clayton Director of Knowledge Management CHAN HEALTHCARE Sarah Edwards Chief Communications Officer CHAN HEALTHCARE Copyright 2012 CHAN HEALTHCARE LLC. All rights reserved. 10
{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationYes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD
STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationSamsung Mobile Security
Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationBring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com
Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationBring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com
Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationThe Risks and Rewards of Social Media and Mobile Devices
The Risks and Rewards of Social Media and Mobile Devices October 29-30, 2012 Tony Brooks, CISA Principal & Director of IT Assurance Tony and Brooks, Risk Services CISA, CRISC Partner HORNE - IT LLP Assurance
More informationChoose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com
Choose Your Own Device (CYOD) and Mobile Device Management gsolutionz.com Choose Your Own Device (CYOD) and Mobile Device Management 2 gsolutionz.com People are starting to expect the ability to connect
More informationA guide to enterprise mobile device management.
WHITEPAPER A guide to enterprise Beyond expectation. www.azzurricommunications.co.uk Introduction. As smartphones and tablets proliferate in the enterprise, IT leaders are under pressure to implement an
More informationHow To Protect Your Mobile Devices From Security Threats
Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has
More informationMobile Device Management for CFAES
Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationInsert Partner logo here. Financial Mobility Balancing Security and Success
Financial Mobility Balancing Security and Success Copyright 2012 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink.
More informationBring Your Own Device (BYOD) and Mobile Device Management
Bring Your Own Device (BYOD) and Mobile Device Management Intivix.com (415) 543 1033 PROFESSIONAL IT SERVICES FOR BUSINESSES OF ALL SHAPES AND SIZES People are starting to expect the ability to connect
More informationBRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT
BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT www.intivix.com (415) 543 1033 HELP TEAM MEMBERS TO COLLABORATE MORE EASILY FROM ANYWHERE. People are starting to expect the ability to connect
More informationSecurity and Compliance challenges in Mobile environment
Security and Compliance challenges in Mobile environment Emerging Technologies November 19, 2013 Bob Bastani Introductions Bob Bastani, Security & Compliance Program Manager, IBM, 301-803-6078, bbastani@us.ibm.com
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationCDW PARTNER REVIEW GUIDE MOBILE DEVICE MANAGEMENT
CDW PARTNER REVIEW GUIDE MOBILE DEVICE MANAGEMENT GETTING CONTROL OF MOBILITY IN THE MARKET In a 2011 IDC study, IT decision-makers report that, on average, 34 percent of their employees access business
More informationMobile Device Security Is there an app for that?
Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach
More informationAdams County, Colorado
Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents
More informationAuditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014
Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Auditing the Security and Management of Smart Devices ISACA Dallas Meeting
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationSecuring Health Data in a BYOD World
BUSINESS WHITE PAPER Securing Health Data in a BYOD World Five strategies to minimize risk Securing Health Data in a BYOD World Table of Contents 2 Introduction 3 BYOD adoption drivers 4 BYOD security
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationHow To Protect Your Business Information From Being Stolen From A Cell Phone Or Tablet Device
Page 2 of 14 Securing Critical Corporate Data in a Mobile World Page 3 of 14 Table of Contents 1 Mobile is the New Normal... 4 1.1 The Critical Importance of Mobile Security... 4 1.2 Mobile Security Challenges...
More informationUse of tablet devices in NHS environments: Good Practice Guideline
Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood
More informationHealthcare Buyers Guide: Mobile Device Management
Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient
More informationPutting Operators at the Centre of
Putting Operators at the Centre of Enterprise Mobile Security Introduction Small and Medium Enterprises make up the majority of firms and employees in all major economies, yet are largely unidentified
More informationWindows Phone 8.1 in the Enterprise
Windows Phone 8.1 in the Enterprise Version 1.4 MobileIron 415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 info@mobileiron.com Introduction 3 Why Windows
More informationEmerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us
Emerging threats for the healthcare industry: The BYOD Revolution By Luca Sambucci www.deepsecurity.us Copyright 2013 Emerging threats for the healthcare industry: The BYOD REVOLUTION Copyright 2013 Luca
More informationBYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012
BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.
More informationHow To Manage A Corporate Device Ownership (Byod) On A Corporate Network (For Employees) On An Iphone Or Ipad Or Ipa (For Non-Usenet) On Your Personal Device
Empowering BYOD and Mobile Security in the Enterprise Jeff Baum, APAC Managing Director Growth of Mobile Mobile worker population will reach 1.3 Billion in 2015 Source: IDC Worldwide Mobile Worker Population
More informationHow To Write A Mobile Device Policy
BYOD Policy Implementation Guide BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment We won t bore you with the typical overview that speaks to the
More informationIBM Endpoint Manager for Mobile Devices
IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity
More informationHELPFUL TIPS: MOBILE DEVICE SECURITY
HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationUse Bring-Your-Own-Device Programs Securely
Use Bring-Your-Own-Device Programs Securely By Dale Gonzalez December 2012 Bring-your-own-device (BYOD) programs, which allow employees to use their personal smartphones, tablets and laptops in and out
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More informationIT Resource Management & Mobile Data Protection vs. User Empowerment
Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationWhite Paper: The Current State of BYOD
CTOlabs.com White Paper: The Current State of BYOD May 2012 A White Paper providing context and guidance you can use Inside: Snapshot of a fast moving trend Summary of recent surveys Considerations for
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationSAS Mobile BI Security and the Mobile Device
SAS Mobile BI Security and the Mobile Device Version 1.0 April 24, 2015 Contents Introduction...1 Security Features Provided by SAS Mobile BI and SAS Visual Analytics...2 Introduction... 2 Lock the SAS
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationFive Steps to Android Readiness
Five Steps to Android Readiness Android State of the Union Ready or not, Android is coming to the enterprise. The rise of Google s Android operating system has ushered a new wave of mobile devices and
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationControl Issues and Mobile Devices
Control Issues and Mobile Devices ACC 626 Term Paper Ramandip Kaur June 27, 2014 Page Table of Contents Executive Summary...ii 1.0 Introduction... 1 2.0 Current Trends... 1 2.1 Employee Owned Devices and
More informationHow To Protect Your Mobile Device From Attack
Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000
More informationMobile Security & BYOD Policy
Mobile Security & BYOD Policy Sarkis Daglian Assistant Manager, Desktop Support Office of Information Technology Isaac Straley UCI Information Security Officer Office of Information Technology Speakers
More informationDon t Let A Security Breach Put You Out of Business
Don t Let A Security Breach Put You Out of Business Committed to providing you with the most innovative security and privacy solutions. www.boomtechit.com Bring Your Own Device (BYOD) and Mobile Device
More informationMobile First Government
Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,
More informationBest practices for mobile data protection
E-Guide Best practices for mobile data protection This expert e-guide presents five essential best practices for securing employee-liable mobile devices and tablets that will allow you to safely embrace
More informationMobile Security BYOD and Consumer Apps
Mobile Security BYOD and Consumer Apps Adam Shnider, Managing Director, Coalfire October 16, 2012 Agenda I. The Mobile World - Trends I. Mobile devices - threats and risks I. BYOD Security Top Five I.
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationENTERPRISE MOBILITY USE CASES AND SOLUTIONS
ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS Mobility is no longer a trend it s how business gets done. With employees using multiple mobile devices and the availability
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationGuidelines. I. Purpose. A. Ownership and Responsibilities
MDM Guidelines I. Purpose The purpose of these guidelines is to establish mobile device management standards for securing college owned mobile devices. College owned devices are defined as any smart device
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationBYOD AND ME. How cell phone hacking effects your business.! Richard Rigby CEO Wraith Intelligence
BYOD AND ME How cell phone hacking effects your business! Richard Rigby CEO Wraith Intelligence 90% of companies will offer BYOD, or bring-your-own-device options to employees by 2014, according to Gartner.
More informationManaging Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense
SAP White Paper SAP Partner Organization Mobile Device Management Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense Table of Content 4 Mobile Device
More informationBYOD and Mobile Device Dependency
BYOD and Mobile Device Dependency Thursday, November 8, 2012 Brian Thomas, CISA, CISSP & Shohn Trojacek, CISSP Brian Thomas, CISA, CISSP Partner, IT Advisory Services at Weaver Provides security, IT audit
More informationThree Best Practices to Help Government Agencies Overcome BYOD Challenges
WHITE PAPER This paper discusses how IT managers in government can address the challenges of the new Bring-Your-Own-Device (BYOD) environment as well as best practices for ensuring security and productivity.
More informationMobile Security Standard
Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard
More informationSymantec Mobile Management 7.1
Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any
More informationAddressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility. www.maas360.
MaaS360.com > White Paper Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation.
More informationBuilding an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise
Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise Jan Wiewiora White Paper Introduction Users are increasingly relying on smartphones and tablets for work. Recent
More informationREGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS
REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS Author: Dilip Chatulingath A RapidValue Solutions Whitepaper Contents Mobilizing healthcare applications 01 Security concerns and challenges
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationBring Your Own Device Mobile Security
Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.
More informationWHITE PAPER. The CIO s guide. management
WHITE PAPER The CIO s guide to building a mobile device management strategy and how to execute on it Executive Summary The explosive growth of employee mobility is driving the rapid adoption of mobile
More informationMobile Security: Threats and Countermeasures
Mobile Security: Threats and Countermeasures Introduction Mobile devices are rapidly becoming the primary end-user computing platform in enterprises. The intuitive user-experience, robust computing capabilities,
More informationONE Mail Direct for Mobile Devices
ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More informationIndustry Trends An Introduction to Security Breach Prevention, BYOD, & ERP System Implementation
Industry Trends An Introduction to Security Breach Prevention, BYOD, & ERP System Implementation The Central Florida Chapter of The Florida Government Finance Officers Association 2/7/2014 K. Adam Glover,
More informationAudit Report. Mobile Device Security
Audit Report Mobile Device Security A-14-14-14051 September 2014 MEMORANDUM Date: September 26, 2014 Refer To: To: From: The Commissioner Inspector General Subject: Mobile Device Security (A-14-14-14051)
More informationMcAfee Enterprise Mobility Management
McAfee Enterprise Mobility Management Providing mobile application enablement and HIPAA security compliance Table of Contents HIPAA and ephi 3 Overview of 3 HIPAA Compliance for Remote Access 4 Table 1.
More informationAthena Mobile Device Management from Symantec
Athena Mobile Device Management from Symantec Scalable, Secure, and Integrated Device Management for ios and Android Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile
More informationHow To Manage A Mobile Device Management (Mdm) Solution
Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But
More informationBYOD. Bring Your Own Device - Mobile Device Management. www.prooncall.com
BYOD Bring Your Own Device - Mobile Device Management www.prooncall.com Bring Your Own Device (BYOD) Mobile Device Management People are starting to expect the ability to connect to public networks and
More informationBYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE
BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE INTRODUCTION The technological revolution has made us dependent on our mobile devices, whether we re at home, in the office, on the go or anywhere
More informationMobile Device Security Risks and RemediaAon Approaches
Mobile Device Security Risks and RemediaAon Approaches Raj Chaudhary, Principal, Crowe Horwath LLP In- Depth Seminars D11 CRISC CGEIT CISM CISA Informal Poll What is your Atle/role? Internal Audit IT Audit
More informationEnterprise Security with mobilecho
Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come
More informationSession 125: A Health IT Executive s Guide To BYOD Management
Session 125: A Health IT Executive s Guide To BYOD Management Ken Congdon, Editor In Chief, Healthcare Technology Online (DISCLAIMER: The views and opinions expressed in this presentation are those of
More informationMedicaid Enterprise Systems Conference 2012
Medicaid Enterprise Systems Conference 2012 Best Practices for Using HIT and HIEs to Keep PHI Secure in an Increasingly Mobile and Technical World Presenters: Charles Sutton, Senior Executive Health Product
More informationManaging Mobility in the BYOD Era:
Managing Mobility in the BYOD Era: New technology requires new thinking Clint Adams Director of Mobile Technology Services cadams@fiberlink.com BYOD is Accelerating 350 million employee-owned devices in
More informationSeparation of Corporate and Personal: Best Practices for Securing Data on Employee-owned Devices
Separation of Corporate and Personal: Best Practices for Securing Data on Employee-owned Devices Val Hetrick, Director, Customer Success Neil Florio, VP Marketing 1 Agenda BYOD Trends End User Perception
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationMobile Device Security
Mobile Device Security Presented by Kelly Wilson Manager of Information Security, LCF Research New Mexico Health Information Collaborative (NMHIC) and the New Mexico Health Information Technology Regional
More informationDell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside ü Tips for deploying or expanding BYOD programs while remaining
More information