Thursday, September 17, 2015

SEC+: What are the best methods to protect the confidential data on the device?

A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device?

Remote wipe and encryption are the best methods to protect a stolen device’s confidential or sensitive information.

GPS can help to locate a device, but it can also be a security vulnerability in general; this will depend on the scenario in which the mobile device is used.

Passwords should never be e-mailed and should not be associated with e-mail.

Tethering is when a mobile device is connected to another computer (usually via USB) so that the other computer can share Internet access, or other similar sharing functionality in one direction or the other. This is great as far as functionality goes, but more often than not can be a security vulnerability.

Screen locks are a decent method of reducing the chance of login by the average person, but they are not much of a deterrent for the persistent attacker.

Additional Learning
On-boarding and off-boarding

Most employees (of all age groups) are also concerned with how on-board devices (such as the on-board camera) can be used against them with or without their knowledge. Companies that offer BYOD solutions tend to refer to the camera (and photos/video taken) as part of the personal area of the device. However, those same companies will include GPS location as something the company can see, but this can be linked to a corporate login, with GPS tracking the user only when the user is logged in.

On-boarding and off-boarding in general are another concern. Essentially, on-boarding is when the security administrator takes control of the device temporarily to configure it, update it, and perhaps monitor it, and off-boarding is when the security administrator relinquishes control of the device when finished with it. It brings up some questions for the employee:

When does it happen?
How long does it last?
How will my device be affected?
Are there any architectural/infrastructural concerns? For example, will the BYOD solution change the core files of my device?
Will an update done by a person when at home render the device inactive the next day at work?

That’s just the tip of the iceberg when it comes to questions and concerns about BYOD. The best course of action is for an organization to set firm policies about all of these topics.
