Government Mobile Device Use Still Vulnerable
Despite some inroads into improving federal employees’ secure use of smartphones and other mobile technology, risks remain.
Mobile devices used by federal employees continue to be susceptible to malicious cyber attacks. Email accounts, stored documents, microphones and cameras on the devices still present avenues of entry for bad actors.
Complicating the matter are conflicting governmental compliance policies, misconceptions of security measures and naivety about the exact risks, a recent survey concluded. Many agencies are still ill-equipped to handle these incidents. Moreover, even if policies are in place, employees do not always follow them, and intrusions still happen, according to the report, "Policies and Misconceptions: How Government Agencies are Handling Mobile Security in the Age of Breaches," prepared by San Francisco-based Lookout Inc.
Bob Stevens, vice president of Lookout’s Federal team, told SIGNAL Magazine that one of the single biggest misconceptions today about government security is that federal agencies aren’t being attacked on mobile devices. "In Lookout's survey of government information technology and security leaders, we learned that in fact, 60.5 percent have experienced a security incident on a mobile device, despite claiming to have mobile security strategies in place."
Stevens asserted that governmental agencies need to recognize the misalignment that exists between established security policies and employees’ actual behavior. The majority (96 percent) of respondents to Lookout’s survey reported their agency had a mobile security strategy. Policies could include restrictions on downloading unapproved applications on government devices; bans on rooting, jailbreaking or bypassing operating systems; or prohibitions on using personal mobile devices for work purposes.
However, employees do not always adhere to the policies, creating vulnerabilities. At the agencies that have prohibited personal smartphone use for work, 40 percent of employees said the guidelines have had little to no impact on their behavior. Almost three-quarters of respondents indicated they often connected their personal devices to federal Wi-Fi for tasks while at work. Almost half sent work documents to personal email accounts. In addition, 74 percent said they installed applications on their phones that were not from a major application store, according to the report.
The answer, Stevens said, is not necessarily to ban all devices. "Restrictive policies that don't account for how people live and work today are bound to backfire," he noted. He cautions that agencies need to manage employees’ device use in a way that embraces, instead of bans, mobility.
"Mobile threat defense, coupled with mobile management solutions and employee education, provide a solid foundation of protection," he said.