Mobile Security: How to Secure, Privatize, and Recover Your Devices

Overview of this book

The threat of hacking may be the most damaging on the internet. Mobile technology is changing the way we live, work, and play, but it can leave your personal information dangerously exposed. Your online safety is at risk and the threat of information being stolen from your device is at an all-time high. Your identity is yours, yet it can be compromised if you don't manage your phone or mobile device correctly. Gain the power to manage all your mobile devices safely. With the help of this guide you can ensure that your data and that of your family is safe. The threat to your mobile security is growing on a daily basis and this guide may just be the help you need. Mobile Security: How to Secure, Privatize, and Recover Your Devices will teach you how to recognize, protect against, and recover from hacking attempts and outline the clear and present threats to your online identity posed by the use of a mobile device. In this guide you will discover just how vulnerable unsecured devices can be, and explore effective methods of mobile device management and identity protection to ensure your data's security. There will be special sections detailing extra precautions to ensure the safety of family members and how to secure your device for use at work.

Mobile device acceptable use policy


A Mobile Acceptable Use Policy (MAUP) is a formal agreement between an organization and its employees. This document sets out the acceptable rules for mobile device usage. It also reviews any penalties that could be applied when those rules are violated through incorrect use of mobile devices.

Overview

The purpose of this policy is to define procedures, standards, and corporate impacts for end users who use a mobile device to access corporate data. This device policy applies to, but is not limited to, any device that is used for corporate access. The device types noted in this section are primarily Bring Your Own Device (BYOD) devices brought to work, but the policy can also affect any mobile device provided by the company. These devices can include:

  • Smartphone (of any type)

  • Mobile phones

  • Any style of tablet computers

  • PCs

  • Notebook or Laptop (or any device that has access to the corporate network)

  • Portable media devices, netbooks, or PDAs

Policy applicability

This policy was created to protect corporate data and the corporation's reputation. It is imperative that each person manages their mobile devices to make sure that the corporate network and data are safe and secure. Every employee must sign this agreement and must follow all the corporate rules. This policy will apply to all employees, contractors, vendors, and/or anyone who will connect to the corporate network.

Rules

The following example rules can be used in your BYOD template. Each rule must be evaluated to make sure it fits your corporate environment:

  • All BYOD devices must be registered with the corporate Mobile Device Management (MDM) system or manager. This is an automated process and must be completed by all users. Before a device can be connected to the corporate network, the employee must obtain approval from their manager. Management can terminate a device connection at any time for any reason.

  • The corporation may install virus and/or protection software on this device at any time. End users must accept the corporate network software or they will lose access to the network.

  • Access and use of the device that connects to the corporate network will be tracked as needed by the corporation.

  • If a device is deemed "compromised", then it will be blocked from accessing the corporate network.

  • The end user will be responsible for notifying the company within one business day if a device is stolen.

  • If the device is lost and/or stolen, then all the data, personal and business, will be wiped from the device if the device goes online, and the device will be blocked from accessing the corporate network.

  • Since this is a BYOD device, the owner is responsible for replacing the physical device if the device is lost, stolen, or damaged.

  • The company will enforce security on the device and will push a forced password change to each device; passwords will expire every 90 days. Passwords are never shared with anyone at any time.

  • The end user will not jailbreak devices or root Android devices.

  • Data that is hosted on the mobile device (for example, corporate applications or e-mail) is never transferred or copied to an application that the corporation has not approved. Refer to https://corporate.mobile.example.com for more information.

  • Sharing corporate data on any non-corporate site (for example, shared social sites) is a violation of the company policies and is grounds for termination.

  • The user will keep the software on the mobile devices up-to-date with the latest version.

  • The user will only install apps from trusted locations.

  • It will be the end user's responsibility to make sure that people are not reading their material over their shoulder. In some cases, a glare screen can be purchased that can help with this issue.

Disciplinary action

Violating the corporate policy or any of its specific rules will result in specific disciplinary action. This action can include termination and can include notification of local and/or federal authorities under local, state, and/or federal laws.

Company owned devices

A Mobile Acceptable Use Policy (MAUP) is a formal agreement between an organization and its employees. This document sets out the acceptable rules for mobile device usage. It also reviews any penalties that could be applied when those rules are violated through incorrect use of mobile devices.

Overview

This specific policy will focus primarily on devices that are provided to the employee by the corporation. These devices can include:

  • Smartphone (of any type)

  • Mobile phones

  • Any style of tablet computers

  • PCs

  • Notebook or Laptop

Rules for corporate devices

All corporate devices must be registered with the corporate Mobile Device Management (MDM) system. This is an automated process and must be completed by all users.

Before a device can be connected to the corporate network, the employee must obtain approval from their manager.

Rules

The following example rules can be used when a corporate device is provided to the end user by the corporation. Each rule must be evaluated to make sure it fits your corporate environment:

  • Management can terminate a device's connection to the corporate network at any time, for any reason.

  • The corporation will install virus and/or protection software on corporate-owned phones and devices. End users must accept corporate network software or they will lose access to the device and the corporate network.

  • Access and use of the device will be tracked as needed by the corporation.

  • If a device is deemed "compromised", then it will be blocked from accessing the corporate network. (This can happen without notification to the end user.)

  • The end user will be responsible for notifying the company within one business day if a device is stolen. All the data will be wiped from the device if the device goes online, and the device will be blocked from accessing the corporate network.

  • If the device is lost and/or stolen, then all the data, personal and business, will be wiped from the device if the device goes online, and the device will be blocked from accessing the corporate network.

  • Since this device is a corporate device, end users may not use the device for personal use.

  • End users may use the corporate-provided device for business use only. The device may not be used to run a personal business and/or for any personal use.

  • Since this is a corporate-owned device, the corporation is responsible for device support and maintenance, and for the device if it is lost or damaged.

  • The company will enforce security on the device and will push a forced password change to each device; passwords will expire every 90 days. Passwords are never shared with anyone at any time.

  • The end user will not jailbreak the device or root Android devices.

  • The user will keep the software on the mobile devices up-to-date with the latest version.

  • The user will only install apps from trusted locations.

  • It will be the end user's responsibility to make sure that people are not reading their material over their shoulder. In some cases, a glare screen can be purchased that can help with this issue.

  • Data that is hosted on the mobile device (for example, corporate applications or e-mail) is never transferred or copied to an application that the corporation has not approved. Refer to https://corporate.mobile.example.com for more information.

  • Sharing corporate data on any non-corporate site (for example, shared social sites) is a violation of the company policies and is grounds for termination.

  • The owner will not execute any illegal actions on the device.

Disciplinary action

Violating the corporate policy or any of its specific rules can result in specific disciplinary action. This action can include termination of employment and can include notification of the appropriate authorities under local, state, and/or federal laws.