2. Did you know
The implementation of “bring
your own device” (BYOD)
programmes in workplaces
was expected to rise to
45% by 2020.
http://www.telegraph.co.uk/technology/mobile-phones/10029908/Half-of-all-Britons-to-provide-their-own-smartphones-and-tablets-at-work.html
3. Did you know
90% of employees used their
personal smartphones for
work-related purposes in the
past year.
http://www.cmswire.com/cms/information-management/byod-alert-personal-smartphones-heavily-used-for-work-company-compensation-or-security-not-so-much-020185.php
4. Did you know
A 2013 study reported that
57% of employers agreed
that employees use personal
devices without consent.
http://www.businesszone.co.uk/topic/staff/employers-guide-bring-your-own-device-part-one/53026
5. Did you know
1 in 4 in the UK have had their
phone stolen or lost.
http://www.symantec.com/en/uk/about/news/release/article.jsp?prid=20130404_01
7. Did you know
99% of mobile malware targeted
Android devices in 2013.
http://newsroom.cisco.com/release/1310011/Cisco-Annual-Security-Report-Documents-Unprecedented-Growth-of-Advanced-Attacks-and-Malicious-Traffic
8. Common security problems
• Loss of company data and files from
memory-laden devices.
• Physical loss of the device.
• Introduction of viruses and malware
into the company’s installed computer
base, usually when synchronising PC and
handset in the office and on a home PC.
9. How can you address them?
• Secure the mobile device
• Secure the mobile data
• Secure the mobile applications
10. Security Methods
There are three main steps to tackle
the basics of mobile security
• Authentication
• Encryption
• Filtering
Learn more by reading on...
11. What is Authentication?
The process of identifying an individual,
usually based on a username and
password.
Users have to identify themselves to
their device and to the network before
they can gain access.
12. What is Authentication?
• Mobile devices often do not have
passwords enabled.
• Mobile devices often lack passwords
to authenticate users and control
access to data stored on devices.
13. What is Authentication?
Many devices have the technical
capability to support authentication:
passwords, PINs, pattern
screen locks, and biometric readers.
However, users often don’t use
these mechanisms, or devices aren’t
configured correctly.
14. What is Authentication?
If users use passwords or PINs, they
tend to choose ones that are easy
for others to guess, e.g. their birthdays
or 1234.
15. What is Authentication?
The issue with static passwords is
that they can be guessed, forgotten,
written down or stolen.
Without secure passwords, devices
that are lost or stolen are prone to
having unauthorised users accessing
and using sensitive information.
16. What is Authentication?
Two factor authentication is often
ignored when conducting sensitive
transactions on mobile devices.
Two factor authentication provides a
higher level of security than traditional
passwords and PINs. Users are required
to authenticate using two different
factors.
17. What is Encryption?
A method of converting an original
message of regular text into encoded
text. Sensitive data is encoded while
stored and during transmission.
Use encryption to help secure your
files and prevent other people from
viewing or changing them.
18. Why Encryption?
• Data encryption helps to secure
stored or transmitted data.
• Many mobile devices have the ability
to enable data encryption with little
impact to the user.
19. Why Encryption?
The use of encryption helps limit the
attackers’ ability to obtain usable data
from the mobile device’s storage.
It will also prevent them from being
able to easily capture sensitive data
(such as user names and passwords).
20. What is Filtering?
Filtering is a term that encompasses
methods of removing threats to mobile
security from web pages and emails.
Web pages are often used as carriers of
viruses and other malware.
Email attachments are also a primary
transporter of malware attacks.
22. Next Steps
• Run a Vulnerability Assessment
• Carry out a Security Audit
23. Next Steps: Authentication
• Ensure passwords, PIN numbers,
pattern screen locks, and biometric
readers are enabled to authenticate
users and access to data.
• Make sure mobile devices avoid
insecure passwords and PINs.
• Avoid writing passwords down.
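The step above about avoiding insecure passwords and PINs, and the earlier slide on easily guessed PINs (birthdays, 1234), can be enforced when a PIN is enrolled. This is an added example, not part of the original presentation; the function names, the minimum length of 6 and the specific rules are assumptions chosen for illustration.

```python
from datetime import date
from typing import List, Optional

def _is_sequence(pin: str) -> bool:
    # Runs such as 1234 or 654321: every step is +1, or every step is -1 (no wrap-around)
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def _is_repeated_block(pin: str) -> bool:
    # 1111, 1212, 123123: the whole PIN is one shorter block repeated
    n = len(pin)
    return any(n % k == 0 and pin[:k] * (n // k) == pin for k in range(1, n // 2 + 1))

def _looks_like_date(pin: str) -> bool:
    # 4 digits: DDMM, MMDD or a year 1900-2099; 6 digits: DDMMYY, MMDDYY, YYMMDD
    def dm(d: str, m: str) -> bool:
        return 1 <= int(d) <= 31 and 1 <= int(m) <= 12
    if len(pin) == 4:
        a, b = pin[:2], pin[2:]
        return dm(a, b) or dm(b, a) or 1900 <= int(pin) <= 2099
    if len(pin) == 6:
        a, b, c = pin[:2], pin[2:4], pin[4:]
        return dm(a, b) or dm(b, a) or dm(c, b)
    return False

def _birthday_forms(b: date) -> set:
    # Common ways a user writes their own birth date as digits
    fmts = ("%d%m", "%m%d", "%Y", "%d%m%y", "%m%d%y", "%y%m%d",
            "%d%m%Y", "%m%d%Y", "%Y%m%d")
    return {b.strftime(f) for f in fmts}

def check_pin(pin: str, birthday: Optional[date] = None, min_len: int = 6) -> List[str]:
    """Return the policy violations for a proposed PIN; an empty list means accepted."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    problems = []
    if len(pin) < min_len:  # min_len is an assumed policy value, not from the slides
        problems.append("too short")
    if _is_repeated_block(pin):
        problems.append("repeated digits or block")
    if _is_sequence(pin):
        problems.append("sequential digits")
    if _looks_like_date(pin):
        problems.append("looks like a date")
    if birthday and pin in _birthday_forms(birthday):
        problems.append("matches user's birthday")
    return problems

if __name__ == "__main__":
    # Constructed sample PINs and a constructed birth date
    for candidate in ("1234", "111111", "140290", "654321", "839405"):
        print(candidate, check_pin(candidate, birthday=date(1990, 2, 14)))
```
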
24. Next Steps: Authentication
• Emphasise to employees the
importance of not losing devices.
• Consider two factor authentication.
• Implement a Mobile Strong
Authentication strategy.
25. Next Steps: Encryption
• Create and maintain encrypted
backups to ensure resiliency if a
device becomes faulty or is lost or
stolen.
• For Cloud-based mobile devices,
backups can be done remotely
whenever an Internet connection is
available.
26. Next Steps: Encryption
• Mobile device backups should be
made and password protected while
the device is still in the control of the user.
• Implement a Mobile Encryption
Model.
27. Next Steps: Filtering
Use Spam filtering to help prevent
spam, phishing attacks and unsolicited
e-mail messages from reaching your
email server.
This blocks spam on an external server
instead of simply placing it in a “junk
e-mail” folder. This keeps viruses and
spyware out of your system.
28. Next Steps: Filtering
Install regular security updates to
protect yourself against viruses. Use
Antivirus software on all machines.
Ensure that all your systems are
updated in order to protect you from
future online threats.
29. Next Steps
How do you manage your policies?
Do you have ever-changing policies?
Are they time consuming to manage?
30. Next Steps
Keltec work with many technology
vendors who are experts in designing
BYOD security solutions and in BYOD
security policies.
31. Next Steps
By investing in total system security
management, businesses will be able
to insure themselves against the
increasing and inevitable use of mobile
devices in the workplace.
32. Download our FREE white paper
The Impact of Mobile Devices
on the Security of Corporate
IT Systems
33. Want to discuss any of the issues in
this presentation? Contact us at
keltec.co.uk/it-services/security