Smart phones and tablets have been an integral part of our home and work lives for over a decade. And, while government agencies were initially slow to adopt mobile platforms, they are now integral to citizen experience and mission success.
“Today mobility is on the bleeding edge of all aspects of government work, however too many agencies do not recognize this trend and, as a result, do not include mobility at the top of their list when it comes to IT security risk assessment or planning,” shared Bryan Schromsky, Managing Director of Verizon Connected Solutions.
In fact, 82 percent of agencies say that mobile devices present serious risks to mission integrity. Having heard these concerns from their public sector customers, the cyber security team at Verizon Federal Solutions assessed the risks posed by mobile devices and developed guidance to help federal IT leaders reap the rewards of mobile devices while helping to mitigate their risk.
Based on interviews with over 600 professionals, the index confirmed the trend noticed by federal agencies and revealed important insights about why mobile devices present a significant security risk for the public sector. What became clear was that cyber attackers aren’t interested in mobile devices because of the data they hold, they’re interested in them as a gateway to access core business systems. It’s these core systems and applications that hold far more lucrative information, including citizen’s personally identifiable information, national security secrets, and other highly sensitive – and highly valuable – data. As federal government agencies become more reliant on mobile devices to meet the mission, the more opportunities there are for them to be compromised and used as an access point for a serious breach.
What steps can public sector organizations take to mitigate this risk that don’t involve abandoning mobile device use?
Bryan suggests three steps that all public sector organizations should take:
- Educate End Users: The Mobile Security Index clearly showed that while agencies were highly confident in their ability to identify a compromised device and respond to an attack. However, with more than one in three agencies being the victims of a mobile device-based attack in the last year, and with only in ten agencies reporting that there highly confident of their employees’ knowledge of mobile security, there’s still work to be done.
- Establish an Acceptable Use Policy (AUP): An AUP or Mobile Device Management policy, establishes how agency workers can, and can’t, use their mobile devices. Federal agencies, including the Department of Treasury, the National Oceanic and Atmospheric Administration (NOAA), and the National Institutes of Health are among the agencies that have clear use policies covering use of agency-issued devices as well as acceptable use of personal devices.
- Unify Endpoint Management: Unified Endpoint Management (UEM) empowers the user to overcome the challenges of deploying and managing mobility services through a single portal. Using the portal, features of a mobile device can be enabled, or disabled, as needed. By removing unnecessary functionality, security risks are lowered. The risk of an accidental compromise is also lowered.
In closing our conversation, Bryan shared a thought-provoking twist on the mobility-security equation, turning it on its head. “Mobility services can provide better security capabilities for government agencies. Mobility enables agencies to use other factors in granting access to sensitive information; for instance, an agency can use a device’s GPS location, biometric authentication or a second piece of hardware validation.”