Today, tablets are becoming the core pieces of electronics, along with smartphones. In light of recent events of cyberwar and espionage, the signals show an increase and greater complexity of new variations of malware, virus and spyware that is reverse-engineered by cyber-criminals to steal data, gather intelligence and other information to sell to the highest bidder who are likely competitors.
Security best practice
Originally, tablets were not meant as corporate devices but were thought of as private internet-enabled information vehicles and e-book readers that allowed access to multimedia and internet web pages. However, since the dawn of the new mobile technology, we have seen new threats target businesses of all sizes as well as an increase in smartphone- and tablet-based attacks via spyware, malware and viruses. So how is a company to know what to secure and how to secure it?
All security best practice and mechanisms are based on an overall security solution and methodology or best practice. This solution starts with an awareness campaign that teaches or talks about general security practices of complex passwords, appropriate email and internet use as well as encryption for data at rest as well as in transit. So, to begin, we need to be aware of threats and know the basics of security. Next, we look at a security policy that explains how we secure devices and procedures for dealing with spam emails, social engineering and solutions using web filters, botnet detection and encryption.
Finding solutions
In conclusion, mobile devices and tablets (slightly different because of the operating systems) mean that we need a solution that filters traffic to block suspicious access to botnet websites and infected websites that host malware and virus payloads. We then look at locking down the configuration, monitoring applications, which forces VPN connections to deter sniffing over open W-Fi connections (in a café, for instance), as well as passwords for each application (to protect against infected machines accessing company data). Lastly, adding security by using the device’s native encryption (or an additional one such as our Mobile Encryption) that lets employees work with company data across multiple devices and operating systems (our encryption everywhere solution) easily and transparently.
All the components listed together add to an enterprise’s security posture while keeping the complexity of security simple and in check — simple security that either uses the OS’ built-in features and manages these better and keeps them more secure; added components of alerts and antivirus programmes (such as our Mobile Security) help business leaders cope with the increasing attacks and threats due to cyber espionage, warfare and crime while focusing on doing what is most important; and building long-term customer relationships and also generating revenue by providing the best service possible.
— The writer is a security specialist at Sophos
