Better Implementation of Cyber Security Controls for Mobile Devices Should Be Encouraged

The Government Accountability Office (GAO) recently put out a report calling on federal agencies to engage in better implementation of mobile cyber security. The GAO looked at the number of mobile threats along with the federal promotion of mobile security. It’s final conclusion was that while connected device control has been encouraged, mobile security threats are still on the rise because the actual implementation of security and control has not been present.

“Federal agencies and private companies have promoted secure technologies and practices through standards and public private partnerships. Despite these efforts, safeguards have not been consistently implemented,” read the GAO report from this September.

What the GAO Found:

  • Mobile Malware has risen from about 14,000 to 40,000 or about 185 percent in less than a year
  • Mobile threats are facilitated by vulnerabilities in the design of connected devices and by the way that consumers use these devices
  • Many consumers are still unaware of how to best protect themselves from malware and mobile vulnerabilities

Common User Mistakes and Device Vulnerabilities

The GAO acknowledged 10 possible cyber security vulnerabilities ranging from simple password protection to not using security software and outlines how to fix these breaches. To see the full list, click here.

  • Enable Password Protection: This is a quick and easy way to prevent anyone from stealing your data after your phone is lost or stolen. If you are using a password though, make sure that it is something besides the default ‘1234’ or ‘0000’. These passwords can be guessed very easily.
  • Update your operating system: Update your operating system to keep up to date with the latest security patches. App and OS updates often fix security issues that have been discovered.
  • Enable Two-Factor Authentication: This can give you a more secure level of security than just a password. Two-factor authentication often involves answering a security question or getting a text sent to your phone that verifies that you are yourself in addition to entering your password.
  • Use Security Software: Connected devices do not usually come with security software. If you are accessing sensitive data, you should enable security software or hardware to protect this information.
  • ailbreaking: If you jailbreak your phone to modify the device you are removing limitations that protect how security is managed. With a jailbroken phone you also will not receive OS updates, increasing your risk for malware.

The GAO recommended to the FCC that the private sector should implement broad, industry-defined guidelines for mobile security. It also asked the Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) to improve national cyber security awareness through promotion.