The Aberdeen study on managing identities \/ access performed in 2011 shows:<\/p>

<\/p>

• 94% users support access to enterprise mails
  <\/li>
• 89% users support access to enterprise contacts
  <\/li>
• 89% users support access to enterprise calendar
  <\/li>
• 87% users support access to enterprise web based apps
  <\/li>
• 45 % users support access to corporate network or Wi-Fi
  <\/li><\/ul>

  <\/p>

  \u00b7<\/p>

  What are the common threats to mobile device?<\/b><\/p>

  <\/p>

  The common threats to the mobile devices are:
  <\/i><\/p>

  • Loss, theft, or inappropriate disposal of mobile devices
    <\/li>
  • Unauthorized access to mobile devices which may result in access to the sensitive organizational as well as personal information stored on the device
    <\/li>
  • Electronic Eavesdropping: In Electronic Eavesdropping,spy software is installed onto a device to collect and forward information onto another phone or server.
    <\/li>
  • Malware: The common ways of getting infected by malware are:
    <\/li><\/ul>

    <\/p>

    <\/i><\/p>

    1. Internet downloads
       <\/li>
    2. Messaging services
       <\/li>
    3. Bluetooth communications
       <\/li>
    4. Using unsecured Wi-Fi connections
       <\/li><\/ol>
       • Electronic tracking: Earlier cellular carriers had ability to track the location of the device. This information was used by them for their internal use. Nowadays companies offer location tracking services for the registered mobiles to enable the friends, parents and relatives of the user to know the exact location of the user. This feature, if misused, can provide details of the physical location of person.<\/li>
       • Server Resident Data: Applications or data hosted on servers maintained by another party has the risk of exposing sensitive information. Electronic mail and other communications solutions that keep content \/ data on the service provider\u2019s server is a common example.
         <\/li><\/ul>How to secure mobile device?<\/b>
         
         To protect mobile device from emerging vulnerabilities and threats, there is a need to constantly adhere to the security procedures and initiate the proactive security measures.
         
         Individual measures:<\/b>
         
         
         • Configure password on your phone and a PIN on your SIM card. Configuring a password and PIN will eliminate the chances of unauthorized access to your phone or using the SIM in another phone to make calls.
           <\/li>
         • Configure auto lock. If your phone is inactive for defined time period then it should be automatically locked and should prompt for a password or PIN to activate it again.
           <\/li>
         • Encrypt your sensitive data. Smart phones allow you to encrypt your data. Encryption secures your data in case your mobile device is lost or stolen.
           <\/li>
         • Consider installing security software from a reputable vendor \/ trusted source. Anti-virus, anti-theft, anti-malware and firewall software is available for some mobile phone operating systems.
           <\/li>
         • Access only reputable websites and mobile applications (apps). Always keep an eye on your commonly used websites' addresses and make sure you are not redirected or diverted to other websites. When using financial mobile applications, such as mobile banking, ensure that you use applications supplied by your financial institution only.<\/li>
         • Be careful when allowing third party unsigned applications to access your personal information.<\/li><\/ul>
           1. Do not click on unsolicited or unexpected links. Even when they appear to be from friends.
              <\/li>
           2. Keep active check on your mobile phone bill for unusual data charges or higher call charges. Connect to your service provider immediately, if you discover any unusual calls or data usage on your bill.
              <\/li>
           3. Keep you mobile phone's operating system up-to-date by installing the patches as soon as they are available.
              <\/li>
           4. Use Wi-Fi and Bluetooth carefully. When connecting to the internet using Wi-Fi, try to use an encrypted network that requires a password. Avoid online banking or financial transactions in busy public areas and over unsecured Wi-Fi networks. Keep Bluetooth off when you aren't using it.
              <\/li>
           5. Back up your sensitive data regularly.
              <\/li>
           6. If you decide to recycle your phone, make sure you delete all your personal information first. Remember to remove or wipe off memory cards.
              <\/li>
           7. Ensure that you have enabled your mobile tracking. Some mobile phones do have ability to remotely wipe your information stored on the phone.
              <\/li><\/ol>Organizational measures:<\/b>
              
              As some organizations permit use of mobile devices to access application systems remotely, they need to consider Mobile Device Management (MDM) as one of their key activity in managing their organizations\u2019 security. Some of the measure that could be taken are:
              
              
              • Establishing a Mobile Device Security Policy:Organization should have a mobile device security policy in place. This security policy should contain the rules, principles, and security practices to be followed by end user irrespective of whether the device is issued by the organization or owned by the individual. The policy should also include the clause related with right to audit mobile device in the policy.
                <\/li>
              • Perform Risk Assessment: Risk analysis \/ assessment will help to:<\/li><\/ul>
                1. Potential damage it may cause to the organization \/ individual users and<\/li>
                2. Whether the security controls implemented are enough or there is a need to enhance it further<\/li>
                3. Identify various vulnerabilities and threats which exists around mobile device
                   <\/li><\/ol>
                   • Perform Risk Management: Roll out Risk Management Plan once the risk analysis is completed. As a part of risk management process, identify the steps to be taken to minimize the assessed risk to an acceptable level. Further, implement process to maintain it at the acceptable level at all time.
                     <\/li>
                   • Security Awareness Training: Successful implementation of any security policy & procedures framework depends on the awareness amongst the users about the organization\u2019s security policies & procedures. Conduct security awareness training on a regular basis to transform the importance of understanding and adhering to the organization\u2019s security policy.
                     <\/li><\/ul>Co-authored by Sachin Deshpande, senior manager with Deloitte Haskins & Sells LLP.
                     <\/i><\/b>
                     ","blog_img":"","posted_date":"2014-12-17 17:42:34","modified_date":"2014-12-29 13:35:55","featured":"0","status":"Y","seo_title":"Securing Mobile \u2013 Securing Future","seo_url":"securing-mobile-securing-future","url":"\/\/www.iser-br.com\/tele-talk\/securing-mobile-securing-future\/410","url_seo":"securing-mobile-securing-future"}">
                     符合时代变化,大多数组织正在采取措施,降低运营成本,跟上增加使用移动设备如平板电脑、电子阅读器、智能手机和连通性选项如数据卡、软件狗,wi - fi热点,等。因此,期望像在家工作,灵活的工作时间,远程支持等越来越受欢迎的在工作场所。这加强了在移动设备的使用越来越多。
                     
                     根据Gartner的研究报告,到2013年手机将取代个人电脑成为全球最常见的网络接入设备。然而,在这个世界上没有什么是免费的,这也适用于移动设备。方便和灵活性,移动设备带来许多安全风险/威胁个人以及组织使用它们。
                     
                     为什么保护移动设备?
                     
                     移动设备的日益普及和可用性无数应用程序使得移动设备的“智能手机”。今天,这些智能手机能做几乎所有在线的早些时候他/她是依赖于桌面或笔记本电脑。在线交易像票务、基金转让、移动银行、股票投资、管理金融投资组合管理以及交易对企业应用系统使用手机是非常普遍的。
                     
                     因为我们使用移动设备来执行在线交易,保护个人信息,财务信息,企业数据,个人身份信息等变得极为重要。保证机密性、完整性和可用性的数据以一种安全的方式是需要一个小时。
                     
                     虽然现在的特性使“智能”手机,他们也将它暴露在病毒和恶意软件。如果手机不安全的和/或丢失或被盗,个人信息,包括密码、银行信息、电子邮件和联系人等可以用来访问钱或窃取身份。因此,重要的是,需要保护和安全的他/她的手机来保护它免受潜在风险和漏洞。
                     
                     

                     阿伯丁研究管理身份/访问2011年显示了执行:

                     • 94%用户支持企业邮件访问
                       
                     • 89%的用户支持访问企业联系人
                       
                     • 89%的用户支持访问企业日历
                       
                     • 87%用户支持对企业基于web的应用程序的访问
                       
                     • 45%的用户支持访问公司网络或wi - fi
                       

                     ·

                     移动设备的共同的威胁是什么?

                     移动设备的共同的威胁:
                     

                     • 损失、盗窃、移动设备或不适当的处置
                       
                     • 未经授权的访问到移动设备可能会导致访问敏感组织以及个人信息存储在设备上
                       
                     • 电子窃听:在电子窃听,间谍软件是安装在设备收集和转发信息到另一个电话或服务器上。
                       
                     • 恶意软件:被恶意软件感染的常用方法有:
                       

                     1. 网络下载
                        
                     2. 消息传递服务
                        
                     3. 蓝牙通信
                        
                     4. 使用未加密的无线连接
                        

                     • 电子跟踪:早期的细胞载体跟踪设备的位置的能力。这些信息被他们的内部使用。现在公司提供位置跟踪服务注册手机使朋友,父母和亲戚的用户了解用户的确切位置。这个功能,如果滥用,可以提供详细的物理位置的人。
                     • 服务器数据:应用程序或数据驻留在服务器维护的另一方的风险暴露敏感信息。电子邮件和其他通讯解决方案,保持内容/服务提供者的数据服务器是一个常见的例子。
                       

                     如何安全的移动设备?
                     
                     保护移动设备从新兴的漏洞和威胁,需要不断坚持安全程序和启动主动安全措施。
                     
                     单独的措施:
                     
                     

                     • 配置密码在你的手机和你的SIM卡销。配置密码和销将会取消未经授权的访问的机会,你的手机或使用SIM在另一个手机打电话。
                       
                     • 配置自动锁。如果你的手机是不活跃的时期就应该定义自动锁定,应该提示密码或密码再次激活它。
                       
                     • 你的敏感数据进行加密。智能手机让你加密数据。数据加密保护,以防你的移动设备丢失或被盗。
                       
                     • 考虑安装安全软件从一个有信誉的供应商/信任的来源。杀毒,防盗,反恶意软件和防火墙软件是用于一些手机操作系统。
                       
                     • 只访问著名的网站和移动应用程序(应用程序)。总是留意你常用的网站的地址,确保你不是重定向或转移到其他网站。当使用金融移动应用程序,如移动银行,确保您使用应用程序提供的金融机构。
                     • 允许第三方未签名的应用程序访问时要小心你的个人信息。

                     1. 不要点击主动或意想不到的联系。即使他们似乎从朋友。
                        
                     2. 保持积极的检查你的手机账单不寻常的数据费用或更高的电话费用。立即连接到服务提供者,如果您发现任何不寻常的电话或数据使用在您的帐单。
                        
                     3. 让你的手机的操作系统就安装最新的补丁。
                        
                     4. 小心使用wi - fi和蓝牙。使用wi - fi连接到互联网时,试着使用一个加密的网络,需要一个密码。避免网上银行或金融交易在繁忙的公共区域和未加密的无线网络。当你不使用它保持蓝牙。
                        
                     5. 定期备份你的敏感数据。
                        
                     6. 如果你决定回收手机,一定要先删除所有你的个人信息。记得删除或擦拭记忆卡。
                        
                     7. 确保你启用移动跟踪。一些手机有远程删除您的信息存储在手机上。
                        

                     组织措施:
                     
                     一些组织允许使用的移动设备访问远程应用程序系统,他们需要考虑移动设备管理(MDM)作为他们的一个关键在管理组织的安全活动。可以采取的措施有:
                     
                     

                     • 建立一个移动设备安全策略:组织应该有一个移动设备安全策略。这个安全策略应该包含的规则、原则和安全实践是紧随其后的是最终用户无论是否出具设备拥有的组织或个人。该政策还应该包括相关的条款与审计策略中移动设备的权利。
                       
                     • 执行风险评估:风险分析/评估将有助于:

                     1. 潜在的损害可能会造成组织/个人用户和
                     2. 安全控制实现是否足够或者需要进一步增强它
                     3. 识别各种漏洞和威胁存在的移动设备
                        

                     • 执行风险管理:风险管理计划推出一次完成风险分析。风险管理过程的一部分,确定要采取措施减少评估风险到可接受的水平。此外,实现过程维持在可接受的水平。
                       
                     • 安全意识培训:成功实现的安全政策和程序框架取决于意识在用户组织的安全政策和程序。定期进行安全意识培训转化的重要性的理解和遵守该组织的安全政策。
                       

                     高级经理由萨钦Deshpande德勤哈斯金斯&销售。
                     
                     

                     免责声明:作者的观点仅和ETTelecom.com不一定订阅它。乐动体育1002乐动体育乐动娱乐招聘乐动娱乐招聘乐动体育1002乐动体育ETTelecom.com不得负责任何损害任何个人/组织直接或间接造成的。