Pub. 9 2020 Issue 1

The CommunityBanker 12 F E A T U R E Mobile Device Security A s technology has advanced, it has grown to a place where employees are able to stay connected to their work, even after clocking out for the day. Employees can use their laptops, phones, and tablets to continue work- ing or to respond to emails. This is a great aspect for better communication and increasing productivity; however, the security of these devices can get overlooked. A small percentage of companies supply mobile devices for their employ- ees, but the vast majority of employees bring their own devices. The challenge many companies face is how to secure those devices to protect the sensitive information that is stored on the device or is accessible on it. The key to ensuring security on these devices is to use a mobile device manage- ment solution. When employees need to have access to sensitive information, adding the device to the mobile device manager will require certain security poli- cies to be enforced. There are several solutions that can be used to enforce security settings. The most common is Microsoft Exchange Active- Sync. A few others include IBM MaaS360, Cisco Meraki Systems Manager, and VMware AirWatch. At a minimum, a mo- bile device management solution should enforce these settings: Require a PIN It is vital to prevent unauthorized access to devices that have sensitive or confiden - tial company information on them. The simplest way to enforce unauthorized access is through a personal identification number (PIN). PINs should be four characters at minimum, but six or more is even better. Many mobile device management solutions can prevent users from using simple passcodes (e.g., 1234, 0000). Most mobile devices can also use biometrics, which are an even stronger control than a PIN number. By Andrew Hettick, SSCP, Security+, ISACA Cybersecurity Fundamentals