Government // Cybersecurity
Commentary
8/20/2014
12:30 PM
50%
50%

4 Tips: Protect Government Data From Mobile Malware

Mobile malware continues to proliferate, particularly on Android devices. These four steps help counter the threat.

It often happens without you knowing. Malware takes over your smartphone or tablet, exploiting vulnerabilities and trolling for information. Perhaps the processing speed on your smartphone slows down. Or a preview of a text message that you didn't write temporarily pops up on your screen. These and other clues lead you to become suspicious that someone has access to your device and data.

Fake ID on Android
The recent disclosure of a new Fake ID malware underscores the problem. Fake ID -- malware on the Android platform that can be installed without receiving permission from the user -- uses fake credentials to gain control over other parts of a user's device. This particular malware can access an individual's personal contacts as well as sensitive data including financial records. The numbers speak volumes: More than 95% of all mobile malware is targeted at Android phones.

The prevalence of mobile malware targeted at Android is one reason the platform has not been as widely adopted as Apple's iOS, BlackBerry, or Windows at the enterprise level across the public and private sectors. In June, Forbes reported that mobile malware has increased 167% in the last year alone.

4 specific actions for federal BYOD programs
With the growth of bring your own device (BYOD) programs across federal government agencies -- and more individual and government data stored on mobile devices -- what can the government do to minimize the risk posed by mobile malware? Federal agencies can implement four specific actions within BYOD programs and devices owned and operated by the government.

First, the federal government should prohibit downloading certain apps. Similar to how agencies block access to certain websites on desktop computers, such as personal email websites or sites containing inappropriate content, agencies can prohibit employees from downloading apps that make devices connected to agency networks more vulnerable.

Next, agencies should mandate antivirus apps for mobile devices. Antivirus software and applications are ubiquitous on desktops and laptops. It is time for owners and users of mobile devices to install and use them on a regular basis. There is no shortage of options in the marketplace; major IT security companies, including Trend Micro, Norton, McAfee, and Bitdefender, now offer antivirus applications for mobile devices.

Third, agencies can pursue "sandboxing," or containerization, to separate programs running on a mobile device. In essence, a secure container isolates the program code so that one application cannot interfere with another. This would add a layer of protection between data from government applications and data from personal applications on the same device.

Finally, agencies should consider expanding encrypted smartphones and email applications beyond the most sensitive personnel positions. Members of the intelligence community, Department of Defense employees, and even senior executives at the Department of Veterans Affairs use encrypted email and encrypted devices in the most sensitive situations. But as more federal employees access their work data using mobile devices, the points of access to government information expand exponentially. Encryption technology has improved over the past few years to enhance ease of use for individuals without compromising data security. The government has multiple options to apply to its use of mobile devices.

Call to action
Mobile devices will not be going away anytime soon. Federal employees value the increase in productivity and efficiency as they perform their responsibilities. Now is the time for the federal government to take the steps necessary to protect its data from hackers as it continues to evolve in its management of mobile devices connected to federal networks.

Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge. Get the new Flexibility Equals Strength issue of InformationWeek Government Tech Digest today. (Free registration required.)

Julie M. Anderson is expert at organizational transformation, including strategy development and execution; operational excellence; financial management; human capital development; and marketing and communications. She served as Acting Assistant Secretary for Policy and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
8/20/2014 | 3:09:48 PM
Re: At least put some AV on there!
For a moment there, I thought the headline was about protecting data from government. Oh well.
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
8/20/2014 | 1:24:51 PM
At least put some AV on there!
it still baffles me that corporate-used devices still often lack basic security controls.  Adding a requirement to log into your phone with a PIN is a miniscule step in the right direction when you consider that mobile devices are quickly becoming one of the key work computing devices.  Companies should at minimum ensure to have endpoint controls on place and encryption to protect corporate assets, if not a larger scale mobile security plan.
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.