As per a recent statistic, about a million mobile handsets are getting lost every year. While mobile phones carry valuable data such as business contacts, emails, documents, pictures, videos, etc. and senior management executives are increasingly using their smart phones compared to laptops, securing mobile phones is not given top priority in the IT security agenda of many business organizations. It is highly recommended that every organization includes a \u2018Mobile Phone Security Policy\u2019 in their IT Security Policy and Procedures. The policy may include a security checklist similar to the one given below.<\/p>\n
<\/p>\n
\n
1.\tPhysical Security<\/strong><\/p>\n a.\tMobile phones should never be left unattended.<\/p>\n b.\tLending the phone to another person should be avoided.<\/p>\n c.\tEnable \u2018Lock Mobile\u2019 on removal of SIM card if such feature is available in the mobile.<\/p>\n d.\tEnable \u2018Mobile Tracker\u2019, if this feature is available in your mobile. By configuring this feature, whenever the SIM is replaced by another SIM, a distress SMS will be sent to a set of user pre-configured mobile numbers without any indication on the compromised mobile. Once distress SMS is received, the mobile can be located with the help of the telecom service provider \/ police. Some mobile tracker software also aids \u2018remote wipe\u2019 of data.<\/p>\n e.\tSome mobile security solutions like the one from Kaspersky have features like remote lock, remote data wipe etc. Users may consider these solutions to be implemented in their handsets.<\/p>\n f.\tDatabase of IMEI (International Mobile Equipment Identity) numbers of all mobiles in the organization with their respective user names should be maintained by the IT department. This will be required in case of reporting loss to the police authorities or the service providers.<\/p>\n \n <\/p>\n 2.\tUser Authentication<\/strong><\/p>\n a.\tProtect your mobile using passwords and PINs<\/p>\n b.\tEnable and configure the automatic timeout feature in your mobile phone. This feature locks the handset after reaching a present inactivity time threshold.<\/p>\n \n <\/p>\n 3.\tData Backup<\/strong><\/p>\n Data can be backed up in the following 3 ways:<\/p>\n a.\tCopying the data onto the memory card. But this only protects the user from data loss due to a hardware failure.<\/p>\n b.\tSynchronizing the data with a desktop. Most mobiles come with a backup \/ synchronization utility to facilitate this.<\/p>\n c.\tBacking up service provided by the Telecom Service Provider.<\/p>\n \n <\/p>\n 4.\tData Encryption<\/strong><\/p>\n Most smart phones come with encryption facilities. Encryption of both device contents and memory card contents should be considered.<\/p>\n \n <\/p>\n 5.\tAvoid unknown contacts and suspicious websites<\/strong><\/p>\n a.\tAvoid message \/ file downloads from unknown contacts.<\/p>\n b.\tAvoid file downloads from suspicious websites.<\/p>\n c.\tAvoid installing unwanted and suspicious applications.<\/p>\n d.\tIncoming bluetooth connections should not be accepted unless from known sources.<\/p>\n \n <\/p>\n 6.\tTurn off wireless interfaces when not used<\/strong><\/p>\n a.\tWireless interfaces such as Bluetooth, Wi-fi and infrared should be turned off if not in use.<\/p>\n b.\tAutomatic connections to data services such as GPRS and EDGE should be turned off when not in use to avoid malware infection and spreading of malware by infected handset automatically.<\/p>\n c.\tAdjust bluetooth connectivity power setting to lowest levels to prevent long range attack.<\/p>\n \n <\/p>\n 7.\tPrevention and detection software<\/strong><\/p>\n Prevention and detection software to defend against malware and other forms of attack is an important step in securing the mobiles. Most mobile devices come with these kind of security features. If not, users may evaluate third party products. Organizations may consider implementing centralized security management to have a single, unified and centralized control over all the mobile devices used within the organization. The security software should have the following functionalities:<\/p>\n a.\tFirewall<\/p>\n b.\tAntivirus<\/p>\n c.\tIntrusion Detection<\/p>\n d.\tAnti-spam<\/p>\n e.\tVPN<\/p>\n f.\tGroup Security Policy<\/p>\n g.\tRemote locking<\/p>\n h.\tRemote diagnostics<\/p>\n \n <\/p>\n 8.\tPatch Management<\/strong><\/p>\n Mobile manufacturers come out with new patches and upgrades to fix security holes in the existing operating system of the handheld device. Users should update their OS at periodic levels by checking the manufacturer\u2019s website.<\/p>\n","protected":false},"excerpt":{"rendered":" As per a recent statistic, about a million mobile handsets are getting lost every year. While mobile phones carry valuable data such as business contacts, emails, documents, pictures, videos, etc. and senior management executives are increasingly using their smart phones compared to laptops, securing mobile phones is not given top priority in the IT security … <\/p>\n