Society is currently in the midst of what many refer to as the Mobile Revolution, but a lack of mobile device security could limit these advancements.
Last week I provided an overview of portable media and noted that while it is convenient, it can also be a pathway for malware to enter a digital system. To protect your digital system and prevent this from happening, here are some general rules that may be used:
- Personnel using portable media or devices must be trained to take the precautions necessary to minimize the spread of malicious software.
- If your system has different levels of security, then the portable media or device may be limited for use on only one security level.
- Portable media or devices may be kept by a custodian and require checkout for use and check in after use.
- Portable media or devices should be scanned prior to use to look for malicious software.
- If a problem is found during a scan, then that portable media or device shall not be used. It will require analysis to see where the problem came from and must then be cleaned to remove the malware.
- Scanning tools must be kept up to date to ensure that no malicious software gets by the scan.
- After a successful scan, the portable media or device is acceptable for use.
- On high security systems the portable media or device should be rescanned after each use to ensure it is still clean. Once it has been successfully scanned, all data/files, known or unknown, can be removed.
- Portable media and devices should be labeled/marked to indicate their use.
- On high security systems portable media and devices may require storage and transport controls.
- On high security systems, detailed logs of portable media and devices should be maintained with information such as check out date/time, check in date/time, scanning date/time, scanning results, and file removal date/time.
- Don’t mix personal and business data.
- Disable autorun and autoplay features for removable media devices. These features automatically open files on removable media when it is plugged into your system.
- Ban bringing any personal devices to the workplace.
Implementation requires that the owner identify the portable media and devices that support their systems. If it is not something identified for use on your system, then it is not to be used. Any media or devices not controlled under your processes have a good chance of introducing malware into your system.
Remember that no matter how strong your cyber defense is, if you allow portable media into the system you are bypassing layers of defense and potentially allowing malicious material to openly enter and attack your system. However, if you follow the above recommendations, you greatly lessen the dangers. Portable media is convenient, but must be scrutinized for potential harm.
For more tips on how to safeguard your systems from portable devices visit the National Cybersecurity Institute.