
10 Mobile Device Security Best Practices From Department of Homeland Security

The mobile device ecosystem is growing, and the security of mobile computing is improving simultaneously, according to a recent study conducted by the U.S. Department of Homeland Security (DHS).

DHS's "Study on Mobile Device Security" showed many mobile device security improvements can be attributed to safeguards implemented by mobile operating system vendors and federal departments and agencies deploying enterprise mobility management (EMM) systems to manage their mobile devices and applications.

In addition, the study revealed that collaboration between the federal government, the mobile device industry and the research community is paramount to closing gaps in mobile device defenses, DHS said in a prepared statement.

Key Findings from the Study

The Study on Mobile Device Security described current and emerging threats to the federal government's use of mobile devices and recommended security improvements within the mobile device ecosystem, DHS stated.

Key study findings included:

  • Threats to the federal government's use of mobile devices exist across smartphones and tablets running mobile operating systems.
  • Mobile threats include those perpetrated by nation-states, organized cybercriminals or hackers due to loss or theft of mobile devices.
  • Banking fraud, ransomware, social engineering and other mobile threats that frequently impact consumers also affect the federal government.
  • Federal government mobile device users may be more likely to be targeted with additional threats than others because they are public sector employees.
  • Federal government mobile devices could provide cybercriminals with a way to attack back-end computer systems that contain the data of millions of Americans and sensitive information related to federal government functions.

The use of mobile devices across the federal government is "an insignificant market share," according to the study. However, the stakes for federal mobile device users are high, the study stated, and consumer-level mobile security is insufficient for government employees.

Federal Mobile Device Security Recommendations

DHS offered the following recommendations to improve federal mobile device security:

  1. Create a mobile device security framework based on existing standards and best practices.
  2. Bolster Federal Information Security Modernization Act (FISMA) metrics to focus on protecting mobile devices, applications and network infrastructure.
  3. Incorporate mobility into the Continuous Diagnostics and Mitigation program to address the security of mobile devices and applications with capabilities that are similar to those of workstations, servers and other network devices.
  4. Continue the DHS Science and Technology Directorate (S&T) applied research program in mobile application security to drive the secure use of mobile applications for government use.
  5. Establish a new program in mobile threat information sharing to address mobile malware and vulnerabilities.
  6. Coordinate the adoption and advancement of mobile security technologies into operational programs to ensure that future capabilities include security and defense against mobile threats.
  7. Develop cooperative arrangements and capabilities with mobile network operators to detect and respond to threats.
  8. Create a new defensive security research program to address vulnerabilities in mobile network infrastructure.
  9. Increase active participation by the federal government in mobile-related standards bodies and industry associations.
  10. Develop policies and procedures regarding U.S. government use of mobile devices overseas.

Mobile devices are "essential to the United States not just for government use, but also for the security and integrity of communications for businesses and citizens," DHS noted in a prepared statement.

As such, the federal government will continue to explore objectives to combat the proliferation of mobile threats, DHS stated.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.