Mobile Device Security




Mobile Device Security

Presented by Kelly Wilson, Manager of Information Security, LCF Research
New Mexico Health Information Collaborative (NMHIC) and the New Mexico Health Information Technology Regional Extension Center (NM HITREC)
Albuquerque, New Mexico

Live webinar conducted Wednesday, April 17, 2013

2309 Renard Place SE, Suite 210
Albuquerque, New Mexico 87106

MOBILE DEVICE SECURITY

Purpose: You will review the many ways we manage patient information, receive an overview of the newer devices being added to the mix, discuss the ways we should be safeguarding patient information on mobile devices (physical, technical, and administrative controls), and be made aware of the risks of not taking security of these devices seriously.

Kelly Wilson

Mr. Wilson is the Manager for Information Security for LCF Research. He has 20 years' experience in information technology, including 15 years in healthcare IT. He is the go-to person at LCF for technical HIT security information and solutions for the New Mexico Health Information Collaborative (NMHIC) and the New Mexico Health Information Technology Regional Extension Center (NM HITREC) programs. Prior to joining LCF, Mr. Wilson worked for Presbyterian Healthcare Services for twelve years, as Manager of Information Security for three and a half years and a Systems Engineer for eight and a half years. While serious about security, Mr. Wilson enjoys taking risks as a sky diving instructor and motorcycle enthusiast.

Disclosure: Everyone in a position to control the content of this educational presentation has disclosed all relevant financial relationships with any commercial interest to LCF Research, the provider of continuing education credits. LCF is occasionally awarded research and educational grant funding from industry and estimates such funding at less than 25% of overall revenue. None of these presenters have any relevant relationships to disclose. All faculty and planning committee members have attested that: 1) the content they contribute will promote improvements in healthcare and not any specific proprietary business interest of a commercial interest, and that 2) content for this activity will be well balanced, evidence-based, and unbiased. Materials have been reviewed (by a third party where necessary) for validity and bias, and modified where necessary by the course directors and members of the planning committee. Participant feedback about perceived bias towards any commercial entity in the presentation will also be requested.

LCF Research is accredited by the New Mexico Medical Society to provide continuing medical education for physicians. LCF Research designates this live activity for a maximum of 1.0 AMA PRA Category 1 Credit™. Physicians should claim only the credit commensurate with the extent of their participation in the activity. This activity may be acceptable for the Nursing and Physicians Assistant CE credit if applicability to practice can be shown. Nurses and Allied Health Professionals are encouraged to attend. An Evaluation/Statement of Participation form is required to record CME credit and is requested from all participants. Credit certificates will be e-mailed directly to those completing the evaluation/statement of participation form.

The New Mexico Health Information Technology Regional Extension Center (NM HITREC) is a collaboration of three organizations (LCF Research, HealthInsight New Mexico, and the New Mexico Primary Care Association) who are working together to support healthcare providers throughout the state in achieving meaningful use of electronic health records (EHRs) to improve patient care.

Credit not available for replay.

Mobile Device Security
Kelly Wilson, Information Security Manager
LCF Research / NMHIC
NMHITREC Partner

Introductions: Why are you here?

Patient Data: The Good ol' Days
- FAX
- Phone
- Snail Mail
- Sneakernet
- Closed, Proprietary EHRs

Patient Data: Today
- Email
- Thumb drives, DVDs, removable media
- Remote Access from home/away from the office
- Smart phones, tablets, laptops, home PCs
- Web-based EHRs
- HIE: Health Information Exchanges
- Mobile devices

Mobile Devices Overview: It's a Box of Radios
- Smartphones: A handheld computer that also makes phone calls.
- Tablets: Same as a smartphone but doesn't make phone calls.
- Bluetooth (wireless audio and/or data).
- WiFi (Wireless Internet).
- GPS (Global Positioning System, location to 3 meters).
- 3G / 4G (phone network data connections).
- NFC (Near Field Communications: bump, swipe, pay terminals, etc.).
- Turn off radios that are not in use.

Devices Overview: Operating Systems
- Google / Android
- Apple / iOS
- BlackBerry
- Windows Mobile

Mobile Devices Overview: Cool Stuff
- Thousands of apps
- Always online mobility: the Internet in your pocket
- Easy to use
- Lots of internal memory: a mobile hard drive
- Easy to share stuff
- Stores your email, web and bank accounts and passwords
- Location based services: maps, directories, retailers

Mobile Devices Overview: Not so cool stuff
- Apps designed to share you and your data with minimal controls.
- Security problems like a regular computer: Malware, Spam, Key loggers.
- Difficult to secure, confusing permission options.
- The bad guys of the Internet want what's in your pocket.
- Stores your email, web and banking accounts and passwords.
- Easier to lose, high rate of theft.
- Unauthorized use.
- Location tracking.

Mobile Devices Overview: Cameras
- Built in photo and high-def video.
- Location info embedded into photos.
- Barcode readers.
- QR (Quick Response) Codes: risks.

Device Risk Management: Mine vs. Yours
BYOD (bring your own device):
- More difficult to secure
- Lack of accountability
- Security left to individuals
- Lack of standard security configurations
- Multiple untrusted users (family, friends)
- Rooting, jailbreaking, unauthorized apps

Mobile Device Risk Management:
Company issued/controlled:
- Documented security policies
- Authorized applications
- Authorized users
- Managed security configurations (Exchange ActiveSync, Apple MDM)
- Password strength/quality, auto screen lock, login failure lockouts
- Device and removable media encryption, anti-malware
- Security logging

Mobile Device Risk Management: (cont.)
Administrative Safeguards: 45 CFR Part 160 Subpart C -- 164.306 Security Standards: General rules:
- Ensure the Confidentiality, Integrity, and Availability of Protected Health Information.
- Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.

Mobile Device Risk Management: (cont.)
164.30 Administrative Safeguards:
- Risk Analysis and Risk Management.
- Risk Assessment Guidelines: NIST 800-30 & NIST 800-39
- Policies and Procedures
  - What should a policy cover?
  - What should a procedure cover?
- End user training

Mobile Device Risk Management: (cont.)
164.312 Technical Safeguards:
- Passwords, Screen locks, Swipe codes
- Encryption:
  - Data in motion
  - Data at rest
- VPN: Virtual Private Networks
- Anti-Virus, Anti-Malware, Phishing protection
- Loss/Theft: Find Me apps, Remote device wipe

Security and Privacy:
- Most common threat to data loss = people
  - Why? Too hard or just think it doesn't apply to them
- Hundreds of thousands of mobile devices are lost or stolen every year.
- Puts the business at risk
  - Large fines
  - Consumer/Patient confidence

Resources:
- U.S. Computer Emergency Readiness Team (US-CERT): http://www.us-cert.gov
- National Institute of Standards and Technology (NIST): http://www.nist.gov/information-technologyportal.cfm
- U.S. Department of Health & Human Services: http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/index.html

Mobile Security References:
- Threatpost: http://threatpost.com
- Naked Security: http://nakedsecurity.sophos.com
- McAfee Mobile Security: http://blogs.mcafee.com/tag/mobile-security
- FCC Smartphone Security Checker: http://www.fcc.gov/smartphone-security
- Crimecatchers (stats): http://blogs.absolute.com/crimecatchers/mobile-theft-the-facts/
- Apple Mobile Device Management: http://www.apple.com/iphone/business/it-center/deploymentmdm.html

Mobile Device Security: What's best for you?

Mobile Device Security Tips
- Learn to read and understand Terms of Service and App permissions.
- Don't download any uninvited app or respond to any unknown texts or email.
- Decide on a password no one could possibly guess. Include special characters and at least one number. Write it down in a safe place.
- Change your passwords every few weeks.
- Get the best security software you can get for your device and learn how to configure and use it.

Mobile Device Security Tips (continued)
- Don't make purchases on your mobile device on public Wi-Fi and only make financial transactions on secured sites.
- Keep your phone locked when you're out and about, and don't lend it out.
- Keep your apps and device software up to date.
- If you don't need/use it, delete it.
- Don't let your device record anything you don't want made public.

Questions?
www.nmhitrec.org
(505) 938-9900

This material was prepared by the New Mexico Health Information Technology Regional Extension Center (NM HITREC) as part of its work as the Regional Extension Center for New Mexico, under grant #90RC0028/01 from the Office of the National Coordinator for HIT, U.S. Department of Health and Human Services. NMHITREC-13 4/15/2013