Mobile devices are more widely used today than patrol cars. Do you have a strong mobile security policy to keep them safe?
Whether you have paramedics working on tablets and smartphones in their emergency trucks, or you’re a fire chief seeking to enable some staff access to social networks while preventing others from using social media in their vehicles, it’s clear that mobile devices are vitally important to your team’s daily activities.
In fact, the Verizon 2020 Mobile Security Index (MSI) found that 75% of public sector organizations said that mobile devices are critical to the smooth running of their operations. Mobile devices help officers and firefighters communicate within their own units and across agencies; support information gathering and sharing that helps support the daily mission;, and even help agencies communicate and collaborate with citizens across their communities.
Even as mobile devices are key to service delivery, without the right mobile security strategy in place, they could also be exposing your infrastructure and sensitive data to greater risk.
Mobile-related compromises are more common than you think.
In fact, according to our survey, nearly two-fifths (39%) of public sector organizations admitted to having suffered a compromise involving a mobile device in the past year. Despite the potential harm, 36% of these organizations said they had sacrificed mobile security to “get the job done.” Unfortunately, those that forewent mobile security were 2.2 times as likely to have suffered a compromise.
The fact is, each mobile device that accesses your public safety agency’s network brings risk of compromise, whether from potential malware, rogue apps, phishing, cryptojacking or other threats. Risk of exposure can occur in seemingly benign circumstances, such as an officer accessing public Wi-Fi on their device while stopping for lunch, for example.
Eighty-nine percent of 2020 MSI public sector respondents said they think that organizations need to take mobile device security more seriously.
Cyberattacks on mobile devices are increasing. Preventing malware infiltrations while protecting critical data and communication channels is necessary to help first responders work efficiently and stay focused on the mission.
Building a strong mobile security strategy starts with strong policies and user education
Strengthening mobile device security requires a combination of education, best practices and the right tools. Mobile protection is only as strong as its users, so make sure each employee understands the steps they can take to keep their devices secure—and how to report anything suspicious.
Mobile device policy should start with a full inventory of mobile assets and who uses them. From there, agencies should implement policies to lock down and isolate vulnerable, infected and lost or stolen devices.
A mobile device management (MDM) solution can be deployed to simplify patch management and enforce your acceptable use policies, including authentication policies, and threat detection software can be deployed regularly to scan for vulnerabilities.
Your formal acceptable use policy should specify responsibilities for bring-your-own-device users, what networks can be used and what apps users can install. It should also include a password policy covering strength, reuse and two-factor authentication. Users will be prompted to change their passwords regularly, following your established password guidelines.
Additionally, one often-overlooked best practice is to make sure you’ve changed all default and vendor-supplied passwords on any software or hardware that your agency uses.
Mobile policy should cover more than mobile devices: Apps, networks and cloud services.
Strengthening your mobile device policies requires a look beyond individual devices and users to ensure that they include apps, networks and cloud services, as well.
When it comes to applications, there are several steps you can take to protect your organization from cyberthieves. Employees should only be able to install apps from vetted sources and should generally be blocked from downloading apps from the internet. Patches should be installed promptly to minimize risk. And perhaps most importantly, data access should be restricted to a need-to-know basis.
Strong network policies should be enacted as well. Best practice is to encrypt all data sent over unsecured networks.
One option that can help protect your network from evolving attacks is a cloud-based Domain Name System (DNS) security solution that can be built into your wireless connectivity plan. Designed to secure your data and communication channels, this type of solution provides DNS-layer security to improve visibility and protect your users on and off the network by stopping threats over any port or protocol before they reach your network or endpoints. This can help protects your agency from malware, ransomware and phishing attacks.
Agencies should consider adopting a zero-trust approach, in which all access must be continuously verified.
And finally, users should be educated on the dangers of public Wi-Fi, and unknown and insecure Wi-Fi networks should be blocked. Similarly, agencies should consider adopting policies that limit access to cloud services to devices that use trusted networks or VPNs, and restrict the use of unvetted cloud apps, especially file-sharing ones.
Well-implemented security can reduce risk and support productivity.
Protecting your agency from unknown risks at the hands of cybercriminals can feel daunting, but there’s good news: Well-implemented security practices and solutions can dramatically reduce risk while giving your teams the unfettered mobile access they need to get their jobs done.