Tackling Mobile Security Risks for Government
“Cyber threats. Security breaches. Hacking.”
As mobility becomes more pervasive, these words have become engrained in our work/life culture. The issue of cyber crime has earned national news headlines as governments across the globe grapple with how to build both secure and mobile-enabled infrastructures.
A few weeks ago, Cisco and Mobile Work Exchange released findings from a self-assessment tool that highlights some interesting statistics, enabling us to better understand mobile security best practices and vulnerabilities. The report specifically looks at government employees, 90 percent of whom claim to use at least one mobile device for work, and reveals that many government workers (41 percent) are putting themselves and their agencies at risk.
Here are a few other compelling findings:
- On mobile devices, 31 percent use a public Wi-Fi connection and 25 percent do not set passwords.
- 6 percent of government employees who use a mobile device for work say they have lost or misplaced their phone. In the average Federal agency, that’s more than 3,500 chances for a security breach.
- Despite the Federal Digital Government Strategy, more than one in four government employees have not received mobile security training from their agencies.
The amount of security breaches that have made the news in the past year may come as no surprise given this information. These facts speak to the need for employees to reevaluate their mobile security behaviors and for government agencies to strengthen mobile security protocols.
As the shift toward mobility and cloud services places a greater security burden on endpoints and mobile devices, which in some cases may never even touch the corporate network, we propose that government agencies embrace a two-fold approach to help mitigate these concerns.
Step #1: Train Government Employees about Potential Threats
Informing employees about the potential risks and threats when using either their own device or an agency-issued device can go a long way in helping thwart malicious attacks.
According to a recent blog post by Cisco’s Brett Belding, this type of employee-led behavior can help shape the future of mobility. Users should be encouraged to have an open dialogue with IT teams about secure mobile use and what today’s advanced threats look like and how to avoid them. This will only grow more important as the number and types of connected devices – such as wearables—become more pervasive in government agencies.
Step #2: Institute a Formal Program for Managing Mobile Devices
For many government agencies, it’s difficult to manage the influx in types of connected equipment, especially with a limited IT budget.
To cover the entire attack continuum, agencies need to address a broad range of attack vectors with solutions that operate everywhere the threat can manifest itself: on the network, on endpoints, on mobile devices and in virtual environments.
According to Cisco’s 2014 Annual Security Report, instituting a formal program for managing mobile devices to help ensure that any device is secure before it can access the network is one solution to improve security. At the very least, a personal identification number (PIN) lock should be required for user authentication and the security team should be able to turn off or wipe clean the device remotely if it is lost or stolen.
All organizations – especially government and public sector agencies – should be concerned about finding the right balance of trust, transparency and privacy in their mobility strategy, because a great deal is at stake. However, by evaluating this two-fold approach, government agencies can avoid losing out on the benefits of mobility and instead, reap its rewards. Through a secure approach to mobility, agencies can experience increased productivity and lower operating costs, ultimately benefiting the public they serve.
Want to better understand your mobile security vulnerabilities and habits? Take the assessment here: http://mobileworkexchange.com/hotzone.