by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 30, 2013
Commentary | BRIAN E. FINCH Life was a lot simpler in the days of ip phones and Wi-Fi-free coffee shops. Back then the biggest wor- ries were scams involving people using a mobile device to surrepti- tiously make international phone calls or using unfamiliar computers to send important information. As technology has changed, however, so too have the threats. Now a lost smartphone can result in a major network compromise, and laptops left in taxis or dropped thumb drives can trigger data- breach noti cation requirements --- assuming, of course, that the IT department knows whether devices carried by employees are connected to the agency s network or contain sensitive or classi ed information. And the problem is only getting worse. Trend Micro s 2013 second- quarter Security Roundup report identi ed a dramatic increase in the amount of malware aimed at mobile devices that use the Android operating system. The report shows that the number of malicious and high-risk Android applications had grown to 718,000 in the second quarter of 2013, up from 509,000 in the previous quarter. Trend Micro expects the total number of mali- cious applications to exceed 1 mil- lion by year s end. McAfee, in contrast, identi ed a much smaller but still eye-popping number of mobile malware threats. For the rst quarter of 2013, it identi ed 50,926 pieces of mobile malware. In contrast, for all of 2011, the company gathered only 792 samples. Most of the mobile mal- ware was aimed at Android devices. (McAfee s malware gures were lower due to the different way it categorized mobile malware.) The types of threats are evolv- ing as well. Kaspersky Lab recently identi ed mobile malware that is designed to leap to desktop devices. And the threats don t just come from mobile malware. Security researchers recently identi ed malware installed in USB ports that issues malicious commands to mobile devices plugged in for recharging. And then there are the concerns about connecting to unse- cured public Wi-Fi signals, which can easily be monitored for valu- able information. This list of threats is far from complete or static. But it illustrates that mobile devices pose a serious cybersecurity threat to IT enterpris- es, and as other devices are locked down, attacks involving mobile malware will only increase. All of this is compounded by the "bring your own device" revolution, which has given employees access to com- pany or agency networks via their personal devices. Admitting that we have a security problem is the rst step to mitiga- tion. By recognizing the threats posed by mobile devices, admin- istrators can now turn to security measures. Obviously, every agency is going to need a specialized approach, but some basic security steps would include: • Implement a speci c BYOD policy to manage personal devices con- nected to the agency s networks. • Lock down agency-issued laptops and other mobile devices so that only certain programs can be down- loaded and only speci c informa- tion (if any) can be removed from the device. • Institute policies regarding con- necting to networks when traveling. • Enforce strict policies regard- ing the carrying or use of mobile devices when traveling overseas, especially in areas where thefts of mobile devices or deliberate breaches are commonplace. • Inventory mobile devices regular- ly; knowing which devices should be connected to a network will help administrators manage the security process. Mobile devices must be treated with the same responsibility and security measures as any other electronic device. Although they can dramatically increase ef ciency and even employee satisfaction, they are yet another threat vector to worry about. Failure to do so could lead to unwanted results. ■ Beware the mobile threat The attacks on mobile devices are multiplying and growing deviously creative, and recognizing that is the rst step to better security As other devices are locked down, attacks involving mobile malware will only increase. BRIAN E. FINCH is a partner at Dickstein Shapiro. October 30, 2013 FCW.COM 11
September 30, 2013
November 15, 2013