August 20, 2014
It often happens without you knowing. Malware takes over your smartphone or tablet, exploiting vulnerabilities and trolling for information. Perhaps the processing speed on your smartphone slows down. Or a preview of a text message that you didn't write temporarily pops up on your screen. These and other clues lead you to become suspicious that someone has access to your device and data.
Fake ID on Android
The recent disclosure of new Fake ID malware underscores the problem. Fake ID -- malware on the Android platform that can be installed without receiving permission from the user -- uses fake credentials to gain control over other parts of a user's device. This particular malware can access an individual's personal contacts as well as sensitive data, including financial records. The numbers speak volumes: More than 95% of all mobile malware is targeted at Android phones.
The prevalence of mobile malware targeted at Android is one reason the platform has not been as widely adopted as Apple's iOS, BlackBerry, or Windows at the enterprise level across the public and private sectors. In June, Forbes reported that mobile malware has increased 167% in the last year alone.
4 specific actions for federal BYOD programs
With the growth of bring your own device (BYOD) programs across federal government agencies -- and more individual and government data stored on mobile devices -- what can the government do to minimize the risk posed by mobile malware? Federal agencies can implement four specific actions within BYOD programs and on devices owned and operated by the government.
First, the federal government should prohibit downloading certain apps. Similar to how agencies block access to certain websites on desktop computers, such as personal email websites or sites containing inappropriate content, agencies can prohibit employees from downloading apps that make devices connected to agency networks more vulnerable.
Next, agencies should mandate antivirus apps for mobile devices. Antivirus software and applications are ubiquitous on desktops and laptops. It is time for owners and users of mobile devices to install and use them on a regular basis. There is no shortage of options in the marketplace; major IT security companies, including Trend Micro, Norton, McAfee, and Bitdefender, now offer antivirus applications for mobile devices.
Third, agencies can pursue "sandboxing," or containerization, to separate programs running on a mobile device. In essence, a secure container isolates the program code so that one application cannot interfere with another. This would add a layer of protection between data from government applications and data from personal applications on the same device.
Finally, agencies should consider expanding encrypted smartphones and email applications beyond the most sensitive personnel positions. Members of the intelligence community, Department of Defense employees, and even senior executives at the Department of Veterans Affairs use encrypted email and encrypted devices in the most sensitive situations. But as more federal employees access their work data using mobile devices, the points of access to government information expand exponentially. Encryption technology has improved over the past few years to enhance ease of use for individuals without compromising data security. The government has multiple options to apply to its use of mobile devices.
Call to action
Mobile devices will not be going away anytime soon. Federal employees value the increase in productivity and efficiency as they perform their responsibilities. Now is the time for the federal government to take the steps necessary to protect its data from hackers as it continues to evolve in its management of mobile devices connected to federal networks.