Presentation on theme: "ATK Space 9617 Distribution Avenue San Diego, California 92121 Tel: (858) 621-5700 Fax: (858) 621-5770 Website:"— Presentation transcript:
ATK Space 9617 Distribution Avenue San Diego, California Tel: (858) Fax: (858) Website: An advanced weapon and space systems company Industry Best Practices – Security For Smartphones / Mobile Devices San Diego Industrial Counterintelligence Working Group (SDICIWG) Date: 11 July 2012
An advanced weapon and space systems company 2 Table of Contents What is a Smartphone Background - Smartphones / Mobile Devices Cyber Security Threat – Methods Used to Access or Collect Data Industry Best Practices - How to Protect Yourself Against the Threat Conclusion
An advanced weapon and space systems company 3 What is A Smartphone? Smartphone: Is a mobile communication device that offers users expanded capabilities from traditional mobile devices. The features can include text messaging, e- mail access, Internet browsing, and mobile operating systems that enable incorporation of third-party applications to offer even more expanded features.
An advanced weapon and space systems company 4 Background - SmartPhones / Mobile Devices According to the National Security Institute there are now over 100 million smartphone users in the U.S., and research shows they check their phones an average of 34 times a day. Because of their highly portable nature, smartphones are particularly prone to loss or theft, resulting in unauthorized persons gaining physical access to the devices. Cyber Criminals are increasingly targeting smartphones – mobile devices for Illegal activity, such as acquiring company or personal data.
An advanced weapon and space systems company 5 Cyber Threat - Methods Used To Access or Collect Data Cyber criminals increasingly targeting smartphones & personal digital assistants (PDAs) for illegal activity. Some of the ways in which they gain access to personal or sensitive company data includes: Lost and Stolen Cell Phones: According to security experts, lost and stolen cell phones and other mobile devices such as PDA are the biggest mobile security threat to companies. Distribution Malicious Apps: Cyber criminals and hackers distribute Malicious Apps that Contain Trojans to access or steal data. Malicious Apps and software is sometimes downloaded via seemingly trusted links.
An advanced weapon and space systems company 6 Wi-Fi Threat: Attackers can create phony Wi-Fi hotspots designed to attack mobile phones and may patrol public Wi-Fi networks for unsecured devices. Phishing or Smishing Attacks: Cyber criminals use electronic communication to trick users into installing malicious software or giving away sensitive information. Smishing exploits vulnerabilities through text messages (SMS/MMS). Cyber Threat - Methods Used To Access or Collect Data
An advanced weapon and space systems company 7 Best Practices - Steps to Take To Protect Smartphones Recommended Security Tips For Smartphone Users Passwords: Require a strong password of at least six characters. Auto Lock: Set up smartphones - mobile devices to automatically lock after 5 minutes inactivity. Auto Wipe: Configure devices to automatically wipe after 10 failed login attempts or if the mobile device is reported lost or stolen. Mobile Security Software: Require the IT Department to install mobile security software on their phones to protect against viruses and malware. Security Education: Remind employees to not click - follow unsolicited links sent in suspicious or text messages. Unknown links may lead to malicious websites.
An advanced weapon and space systems company 8 Best Practices - Steps to Take To Protect Smartphones Turn Off Unneeded Apps: Educate employees / users to turn off the applications such as Bluetooth, Wi-Fi, Infrared, and GPS when not specifically in use. This will not only reduce the attack surface, it will also increase battery life of the mobile device. Encryption: Have the IT Department install and enable local encryption to help protect data stored on the mobile phone. Device Restrictions: Implement a policy that restricts employees from accessing certain apps (e.g., password spoofers) and sites with explicit content. Security Configuration: Some smartphones can be configured to use your rights management system to prevent unauthorized persons from viewing sensitive information on the phone or to prevent authorized users from copying or forwarding the data to third parties.
An advanced weapon and space systems company 9 Security Best Practices For Smartphone Users Smartphone Security: Consider deploying smartphone security, monitoring, and management software such as that offered by Blackberry, iPhone, Android, Symbian, and Juniper Networks for Windows Mobile. Have users connect to the corporate network through an SSL VPN. Company IT Security Policy: Ensure your company establishes a comprehensive IT Security Policy that covers all mobile devices (laptops, smartphones, smartpads, PDAs, and flash sticks).
An advanced weapon and space systems company 10 CONCLUSION Questions?
An advanced weapon and space systems company 11 Sources Cyber Threats to Mobile Phones, US-CERT United States Computer Emergency Readiness Team, By Paul Ruggiero and Jon Foote, 2011 Carnegie Mellon University, Produced for US- CERT Smartphone Enterprise Security Risks and Best Practices, By Debra Littlejohn Shinder, December 2, 2010, 5:04 PM PST, enterprise-security-risks-and-best-practices/1935Debra Littlejohn Shinderhttp://www.techrepublic.com/blog/smartphones/smartphone- enterprise-security-risks-and-best-practices/1935 Five Tips For Securing Mobile Data, Tech Republic, By Shun Chen, November 22, 2010, 9:50 AM PST, Wikipedia, The Free Encyclopedia, Smartphones, 09 July 12 Top 5 mobile phone security threats in 2012, SearchSecurity, By Robert Westervelt, News Director, 09 Dec 2011, phone-security-threats-in-2012http://searchsecurity.techtarget.com/news/ /Top-5-mobile- phone-security-threats-in-2012 Blackberry Photos,