Government // Cybersecurity
12:30 PM

4 Tips: Protect Government Data From Mobile Malware

Mobile malware continues to proliferate, particularly on Android devices. These four steps help counter the threat.

It often happens without you knowing. Malware takes over your smartphone or tablet, exploiting vulnerabilities and trolling for information. Perhaps the processing speed on your smartphone slows down. Or a preview of a text message that you didn't write temporarily pops up on your screen. These and other clues lead you to become suspicious that someone has access to your device and data.

Fake ID on Android
The recent disclosure of a new Fake ID malware underscores the problem. Fake ID -- malware on the Android platform that can be installed without receiving permission from the user -- uses fake credentials to gain control over other parts of a user's device. This particular malware can access an individual's personal contacts as well as sensitive data including financial records. The numbers speak volumes: More than 95% of all mobile malware is targeted at Android phones.

The prevalence of mobile malware targeted at Android is one reason the platform has not been as widely adopted as Apple's iOS, BlackBerry, or Windows at the enterprise level across the public and private sectors. In June, Forbes reported that mobile malware has increased 167% in the last year alone.

4 specific actions for federal BYOD programs
With the growth of bring your own device (BYOD) programs across federal government agencies -- and more individual and government data stored on mobile devices -- what can the government do to minimize the risk posed by mobile malware? Federal agencies can implement four specific actions within BYOD programs and devices owned and operated by the government.

First, the federal government should prohibit downloading certain apps. Similar to how agencies block access to certain websites on desktop computers, such as personal email websites or sites containing inappropriate content, agencies can prohibit employees from downloading apps that make devices connected to agency networks more vulnerable.

Next, agencies should mandate antivirus apps for mobile devices. Antivirus software and applications are ubiquitous on desktops and laptops. It is time for owners and users of mobile devices to install and use them on a regular basis. There is no shortage of options in the marketplace; major IT security companies, including Trend Micro, Norton, McAfee, and Bitdefender, now offer antivirus applications for mobile devices.

Third, agencies can pursue "sandboxing," or containerization, to separate programs running on a mobile device. In essence, a secure container isolates the program code so that one application cannot interfere with another. This would add a layer of protection between data from government applications and data from personal applications on the same device.

Finally, agencies should consider expanding encrypted smartphones and email applications beyond the most sensitive personnel positions. Members of the intelligence community, Department of Defense employees, and even senior executives at the Department of Veterans Affairs use encrypted email and encrypted devices in the most sensitive situations. But as more federal employees access their work data using mobile devices, the points of access to government information expand exponentially. Encryption technology has improved over the past few years to enhance ease of use for individuals without compromising data security. The government has multiple options to apply to its use of mobile devices.

Call to action
Mobile devices will not be going away anytime soon. Federal employees value the increase in productivity and efficiency as they perform their responsibilities. Now is the time for the federal government to take the steps necessary to protect its data from hackers as it continues to evolve in its management of mobile devices connected to federal networks.

Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge. Get the new Flexibility Equals Strength issue of InformationWeek Government Tech Digest today. (Free registration required.)

Julie M. Anderson is expert at organizational transformation, including strategy development and execution; operational excellence; financial management; human capital development; and marketing and communications. She served as Acting Assistant Secretary for Policy and ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
Thomas Claburn,
User Rank: Author
8/20/2014 | 3:09:48 PM
Re: At least put some AV on there!
For a moment there, I thought the headline was about protecting data from government. Oh well.
User Rank: Ninja
8/20/2014 | 1:24:51 PM
At least put some AV on there!
it still baffles me that corporate-used devices still often lack basic security controls.  Adding a requirement to log into your phone with a PIN is a miniscule step in the right direction when you consider that mobile devices are quickly becoming one of the key work computing devices.  Companies should at minimum ensure to have endpoint controls on place and encryption to protect corporate assets, if not a larger scale mobile security plan.
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest August 03, 2015
The networking industry agrees that software-defined networking is the way of the future. So where are all the deployments? We take a look at where SDN is being deployed and what's getting in the way of deployments.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Everyone wants a well-educated, successful workforce but just how do you get one? And what, precisely, do you think you can do with it? To answer those and other questions, George Colombo had a conversation with Elliott Masie, head of The MASIE Center, a Saratoga Springs, NY think tank focused on how organizations can support learning and knowledge within the workforce.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.