As an early adopter of technology, I’m always looking for new mobile phone features and business apps that can make me more productive. If you rely on your smartphone as much as I do, you may also appreciate how mobile helps industries worldwide work smarter and more cost effectively by providing anywhere, anytime data access for employees. But with these benefits comes the need to address one of the technology’s biggest challenges: mobile security management. From my vantage point, it’s particularly critical for the U.S. federal government to get mobile security right.
Working with the federal sector, I have a front-row seat to observe the mobile transformation. As mobile devices achieve widespread adoption in the federal workplace, mobile security threats are soaring as well. In 2016, Dark Reading reported that government agency breaches over the past five years resulted in nearly 47 million records being compromised or stolen.
This reality brings an increased urgency to determine what security measures to put in place. Consider these four best practices for proactive mobile security management within the federal space.
1. Update with security patches. How many times have you received a push notification to update your operating system or software with the latest security patch — and then ignored it? From what I’ve seen, this scenario is all too common.
Everyone’s busy, and it can be tempting to let these patches slip by and hope for the best. But to help combat mobile security threats, it’s important that these updates occur immediately and regularly. As operating systems become more developed, the skills of those who may be trying to hack into the federal environment increase as well. This means failure to install security patches for new OS versions can lead to data being compromised. Our Knox team looks very closely at emerging mobile security threats, and we provide monthly security updates to keep our enterprise customers protected.
2. Remember the basics. The always-on-the-go nature of mobility paired with today’s 24/7 work-hard, play-hard mentality makes it easy to forget some essentials of mobile security management. So make a mental note that when you access networks, especially public Wi-Fi, you need to be sure all data stored on your phone or transiting through it is properly encrypted to keep it confidential. In situations like these, utilizing a mobile VPN or data separation solution is your best defense.
Using devices that come equipped with encryption technologies helps take the guesswork out of this step. Samsung Knox, for example, uses a hardware-based cryptographic key that is unique to each device to encrypt and decrypt data, establishing a Root of Trust upon which the security platform is built. Additionally, to avoid becoming the latest victim of a federal cybercrime, you should never keep unnecessary “bloatware” apps and software on your smartphone that could compromise your device. Our Knox Customization solution provides an elegant way to configure a fleet of mobile devices, removing unnecessary preloaded apps or even locking down the device to perform a specific function.
3. Strengthen mobile security with multifactor authentication. Compromised credentials are behind a quarter of all data breaches, according to a Cloud Security Alliance report cited in Infosecurity Magazine. With this in mind, derived credentials should be just one arm of a broader federal cybersecurity strategy to verify user identity. Mobile devices shouldn’t be considered secure until multiple forms of identity verification — such as a PIN and biometric authentication — are in place to protect access to federal networks, servers and applications.
This is why the new Samsung Galaxy S8 and S8+ smartphones not only give users the ability to input a secure password or PIN code, but they also include several options of biometric authentication, including fingerprint and iris scanning. The S8’s iris scanning technology is an important differentiator, particularly when combined with the government-certified chip-level security of Samsung Knox. These multiple protective layers working at both the hardware and software levels are what’s needed to help federal users protect sensitive data on government mobile devices.
4. Boost user authentication via derived credentials. One of the biggest mobile security challenges that I’m seeing federal agencies struggle with relates to proof of user. How can you ensure that the right person uses the right device on the right network? Unfortunately, the old cybersecurity rules no longer apply. It’s insufficient to lock down a device with a password or personal identification number (PIN) since these can be overwritten.
Derived credentials provide verification of personal identity via a “smart card” rather than a password. Not only do derived credentials free end users from complex password requirements, but they also help federal agencies become less reliant on vulnerable password information. It’s an endpoint-to-endpoint solution that should be top of mind for mobile security management in any federal setting.
Some federal agencies wait until there’s a fire to put out before considering their mobile security management plan — don’t be one of them. By preparing proactively for mobile security threats, you can help pave the way to the federal workplace of the future.
Our government technology solutions are ready to assist government agencies with their digital transformation efforts.