As mentioned in the previous post, on November 13th the XI National Congress of ANSSAIF (National Association of Security Specialists in Companies of Financial Intermediation) was held in Rome, on the theme of ‘Digital Services, Security, Network – What knowledge and what tools to address new threats?’. The event, rich in distinguished and interesting talks, also saw the participation of Prometeo Management Consulting, which presented the results of the online survey on the security of mobile devices launched for the occasion. Below we summarize the main results of the survey, as presented during the Congress.
- The interviews revealed a lack of awareness among users about the security risks and consequences of their own behavior. Companies can make up for this deficiency by implementing an adequate training program for all employees.
- The security deficiencies identified could be addressed by implementing a mobile device management (EMM) tool that allows the device to be managed from all points of view (hardware, software, security).
- It was found that business mobile devices are also used for personal purposes, which exposes organizations to security risks for the systems those devices can access. In particular, 65% of surveyed users store personal data on business mobile devices. It is important to combine an EMM suite with company policies and procedures that identify and formalize the engagement and commitment of top management.
It is necessary to develop a strategy for the creation and management of a real mobile organization, while minimizing security risks and the impact on the company’s infrastructure. It is therefore necessary to take a holistic approach that ensures compliance with all business objectives. This approach is fully in line with the principles of Data Protection by design and by default introduced by the new European General Data Protection Regulation (GDPR). It therefore seems appropriate to consider the management of mobile devices when organizing the “Privacy Impact Assessment” required by the same GDPR.
The points above are some of the key issues to be addressed to ensure the security of personal data in the challenging context in which we are immersed. In the “always-connected-mobile” world, information is dispersed and always reachable, and this inevitably requires the awareness and empowerment of users themselves to ensure the security of their own data.
I agree with your conclusions. I conducted a vulnerability assessment on a number of smartphones and I found that most (80%) of the devices are vulnerable. See my tweet https://twitter.com/mauriziopastore/status/672443560755638272
Consip (the in-house ICT company of the Italian Finance Ministry, in charge of public procurement for all public organizations in Italy), in the bid for mobile services and phones, does not mention vulnerability and antivirus; see https://www.acquistinretepa.it/opencms/opencms/main/pa/strumenti/dettaglio.jsp?idT=190012&tipoVis=doc&vetrina=PA&idL=&nome=Telefonia+mobile+6&orderBy=attivazione&__pagina=1&__element=&frompage=convenzioni.jsp&categoria=1&altribsemp=&nomebsemp=&user_id=9d621efd-c454-39a9-a475-bd1f828bb103&adfgen_menuId=0&id_cat=&id_utente_az_amm=
Very interesting, thanks for the contribution.