NIST Guidance for Reducing Mobile Device Cybersecurity Risks
If your organization embraces (or simply allows!) the use of mobile devices for the workplace, the natural tradeoff you're making for increased productivity, efficiency and convenience is an increase in cybersecurity risks to your organization. In addition to creating another place where sensitive data may be stored (and accessed by a bad actor), mobile devices also provide another potential entry point for bad actors looking to access your enterprise systems and the sensitive data that resides there.
The good news is that the National Institute of Standards and Technology's National Cybersecurity Center of Excellence has released Special Publication 1800-4 to provide practical guidance and examples that organizations can use to better secure data on, or accessible by, mobile devices.
Remember, an organization's legal and business obligations to protect data don't depend upon whether unauthorized access was gained through a desktop or laptop being used within the organization's facility, or a mobile phone or tablet being used in a remote location. Consequently, the mobile device risks to your organization's systems and data should be included as a part of any review of your organization's overall cybersecurity posture.
Bobby Turnage leads Sands Anderson's Cybersecurity and Technology Team. If you have any questions about his post or any data security or data breach issues, please contact Bobby or a member of our Cybersecurity and Technology Team.