4 Tips: Protect Government Data From Mobile Malware - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
12:30 PM

4 Tips: Protect Government Data From Mobile Malware

Mobile malware continues to proliferate, particularly on Android devices. These four steps help counter the threat.

It often happens without you knowing. Malware takes over your smartphone or tablet, exploiting vulnerabilities and trolling for information. Perhaps the processing speed on your smartphone slows down. Or a preview of a text message that you didn't write temporarily pops up on your screen. These and other clues lead you to become suspicious that someone has access to your device and data.

Fake ID on Android
The recent disclosure of a new Fake ID malware underscores the problem. Fake ID -- malware on the Android platform that can be installed without receiving permission from the user -- uses fake credentials to gain control over other parts of a user's device. This particular malware can access an individual's personal contacts as well as sensitive data including financial records. The numbers speak volumes: More than 95% of all mobile malware is targeted at Android phones.

The prevalence of mobile malware targeted at Android is one reason the platform has not been as widely adopted as Apple's iOS, BlackBerry, or Windows at the enterprise level across the public and private sectors. In June, Forbes reported that mobile malware has increased 167% in the last year alone.

4 specific actions for federal BYOD programs
With the growth of bring your own device (BYOD) programs across federal government agencies -- and more individual and government data stored on mobile devices -- what can the government do to minimize the risk posed by mobile malware? Federal agencies can implement four specific actions within BYOD programs and devices owned and operated by the government.

First, the federal government should prohibit downloading certain apps. Similar to how agencies block access to certain websites on desktop computers, such as personal email websites or sites containing inappropriate content, agencies can prohibit employees from downloading apps that make devices connected to agency networks more vulnerable.

Next, agencies should mandate antivirus apps for mobile devices. Antivirus software and applications are ubiquitous on desktops and laptops. It is time for owners and users of mobile devices to install and use them on a regular basis. There is no shortage of options in the marketplace; major IT security companies, including Trend Micro, Norton, McAfee, and Bitdefender, now offer antivirus applications for mobile devices.

Third, agencies can pursue "sandboxing," or containerization, to separate programs running on a mobile device. In essence, a secure container isolates the program code so that one application cannot interfere with another. This would add a layer of protection between data from government applications and data from personal applications on the same device.

Finally, agencies should consider expanding encrypted smartphones and email applications beyond the most sensitive personnel positions. Members of the intelligence community, Department of Defense employees, and even senior executives at the Department of Veterans Affairs use encrypted email and encrypted devices in the most sensitive situations. But as more federal employees access their work data using mobile devices, the points of access to government information expand exponentially. Encryption technology has improved over the past few years to enhance ease of use for individuals without compromising data security. The government has multiple options to apply to its use of mobile devices.

Call to action
Mobile devices will not be going away anytime soon. Federal employees value the increase in productivity and efficiency as they perform their responsibilities. Now is the time for the federal government to take the steps necessary to protect its data from hackers as it continues to evolve in its management of mobile devices connected to federal networks.

Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge. Get the new Flexibility Equals Strength issue of InformationWeek Government Tech Digest today. (Free registration required.)

Julie M. Anderson is expert at organizational transformation, including strategy development and execution; operational excellence; financial management; human capital development; and marketing and communications. She served as Acting Assistant Secretary for Policy and ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
Thomas Claburn,
User Rank: Author
8/20/2014 | 3:09:48 PM
Re: At least put some AV on there!
For a moment there, I thought the headline was about protecting data from government. Oh well.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
How CIOs Can Advance Company Sustainability Goals
Lisa Morgan, Freelance Writer,  5/26/2021
IT Skills: Top 10 Programming Languages for 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/21/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll