855.519.7328

sec-consulting

Mobile Device Security Policy: “Executives Abroad May Get Owned Before They’re Off The Tarmac”

 

Security researcher Justin Morehouse writes that high value employees traveling abroad need to be on guard for attempts to compromise there mobile devices.  Mobile device theft and mobile device misuse leaves your organization vulnerable a corporate network breach, loss or corruption of critical data and the legal consequence if you violate compliance regulations.

Praetorian Secure has the expertise and experience to develop a mobile security policy that protects data in flight or at rest on mobile devices.

Praetorian Secure will work with your staff to define a mobile device security policy:

  • Complete a risk assessment of the mobile devices in your organization.
  • Drafting a mobile device policy consistent with secure mobile device usage and the legalities of compliance regulations.
  • Consult on ways to secure Mobile connections to your network.
  • Consult on ways to secure data that rest on Mobile devices.
  • Consult on ways to retrieve data stored on Mobile devices in case of theft or separation.

Mobile security policy: defining responsibilities and educating users

Mobile Security Policy as with any effort to secure an asset begins with understanding. Understanding how the mobile devices will be used, who will use them and where they will be used.

Some questions to ask mobile device security:

  • Which mobile devices does the IT department support?
  • Can employee-owned mobile devices be used for work, or will all mobile devices be assigned by the company?
  • Is the company billed directly by service providers for mobile devices, or do employees expense their costs?
  • Does the company pay for all mobile devices usage, or is there a monthly spending limit?
  • If there is a spending limit, how does the user reimburse the company if the limit is exceeded?
  • If a mobile device is lost, stolen or broken, is it the responsibility of the company or the employee to replace it?
  • If a mobile device is lost, stolen or broken, what is the process to ensure that the data on the device is/was secure, and at that point, is responsibility handed from the user to the company?
  • Does the company have the means and infrastructure to ensure data at rest and data in flight are encrypted and secure, or is the burden on the employee?

Well-structured questions with respect to mobile device usage will lead to secondary and tertiary questions. Praetorian Secure can help take the answers to these questions and form them into a draft of your organizations security policy based upon your organizations unique mobile security and compliance requirements.