Many believe that there continues to be exposure to considerable weaknesses with this technology.
The results of a review that was conducted on the mobile security levels through the use of smartphones and tablets by employees of the Social Security Administration (SSA) has revealed that there are considerable weaknesses.
It has been stated that a significant reason that this problem exists is due to the lack of a cohesive policy.
This problem and speculation regarding mobile security at the SSA was identified and published in a report by the Office of the Inspector General. What the Inspector General’s office determined was that the federal agency “did not always conform with federal standards and business best practices to mitigate unauthorized access to the agency’s sensitive information.” It determined that as the use of devices such as tablets and smartphones continues to become more prevalent, this represents a vital weakness.
A serious mobile security gap can exist when many common behaviors are adopted by SSA employees.
While it is true that the use of mobile devices give SSA workers the opportunity to accomplish a great deal more, even when they are not sitting at their desks, there are certain behaviors that are considered to be quite commonplace among private device users that can leave a gaping hole in security when used on a professional level. Among them are the downloading of third party apps, as well as accessing the internet over an unsecure network. This spikes the risk of loss or theft of sensitive data.
Among the tests that were conducted on the security of the mobile device use by SSA employees was the copying of a file by the Inspector General’s office to a mobile device. Though the agency’s own standards would have required that this file encrypt itself automatically, this was not the case during the test.
Equally, among the 17 employees of the SSA that were interviewed in this review process, only half showed that they understood that for mobile security purposes, it was important that their agency-provided devices be used exclusively for official government business. Moreover, not a single one of the people who were interviewed were able to identify a policy that was specifically meant to guide them with regards to the use of these gadgets.