The United States Cybersecurity and Infrastructure Security Agency (CISA) last week published a Capacity Enhancement Guide (CEG) to help organizations secure mobile devices and their access to enterprise resources.
The Enterprise Mobility Management (EMM) system checklist is meant to help businesses mitigate vulnerabilities and increase overall enterprise protections by implementing a series of best practices for securing enterprise-managed mobile devices.
In this regard, CISA recommends the use of devices that meet enterprise requirements, enabling automatic updates through a Mobile Device Management (MDM) system, implementing a trusted devices policy (for updated, unrooted, and EMM-configured devices), and denying access for untrusted devices.
Enforcing strong authentication (including PINs of at least 6 digits) on enterprise-trusted devices is another easy-to-implement policy that boosts overall device security, as is the use of two-factor authentication (2FA) when enabling access to enterprise networks.
CISA’s CEG also encourages enterprises to practice good app security, including the use of curated app stores, isolating enterprise applications, minimizing the amount of personally identifiable information (PII) in apps, disabling sensitive permissions, vetting enterprise-developed applications, and restricting OS/app synchronization, to prevent data leaks.
Furthermore, organizations are advised to disable radios such as Bluetooth, GPS, NFC, and Wi-Fi when they are not in use, as well as to disable user certificates and to employ secure communication apps and protocols, such as VPNs, when mobile devices connect to the enterprise network.
Ensuring that mobile devices are protected at all times is also essential to securing the enterprise network, CISA says. Thus, organizations are advised to use Mobile Threat Defense (MTD) systems, to ensure that only trusted chargers and cables are used for charging devices, and to enable the lost device function.
Ultimately, organizations of all types should also make sure that mobile devices do not connect to critical systems, as any infected device could lead to the compromise of business-critical ancillary systems.
Separately, CISA published a CEG for consumers looking to improve the security of their mobile devices, with recommendations that should be applied to any device, especially those that organizations allow employees to connect to enterprise networks.
