Filter by Category

Upcoming FISMA Update to Protect Mobile Data

FISMA to improve mobile security

Mobile security has been a frequent topic of discussion in recent months. For those in the public sector, a lack of compliance requirements for mobile devices has sparked several concerns. Is it safe to connect to the cloud with a device that isn’t protected? How many cell phones and tablets are at risk of being compromised by everyday use, like connecting to a vulnerable wireless hotspot or downloading a seemingly harmless application?

FISMA, the Federal Information Security Management Act, requires government agencies to create, document, and implement a plan that ensures the security of their network and information systems. This covers devices like workstations, laptops, and desktops, but it sadly lacks mobile guidelines.

Thankfully, this oversight may soon change. The Department of Homeland Security (DHS) has turned their focus to mobile security, with plans to implement new research programs and update FISMA with new mobile requirements for government workers. In April 2017, they published a Study on Mobile Device Security with consultation from the National Institute of Standards and Technology (NIST). Their top consideration moving forward? Enhance FISMA metrics to focus on mobile device security.

A mobile addition to FISMA compliance couldn’t be more timely. According to this article, “67% of companies included in a recent Ponemon Institute survey have experienced a breach from an employee’s mobile device.” Other shocking statistics, like the hefty, $10,000 pricetag that comes with investigating and repairing just one infected device, capitalize on the very real need for mobile security.

Furthermore, attacks on mobile applications and mobile data, especially those belonging to federal employees, are on the rise. The Business of Federal Technology states in an article on prioritizing mobile security: “Because of the combination of features only available on mobile—connected via Wi-Fi or cell networks with voice, camera, email, location, passwords, contact lists and more—these devices have become an attractive target for cybercriminals and nation-states looking to spy on government agencies, infrastructure providers and others.”

There are steps organizations can take now to prioritize the security of their employees’ mobile devices. Some of these include mandatory use of multi-factor authentication, only allowing use of work-provided devices during normal business hours, limiting what each device can access and download, and requiring frequent OS updates. We also suggest reviewing your current cybersecurity policies in anticipation for FISMA’s mobile security update.

As of the publication of this post, FISMA may roll out requirements for mobile security in 2018.

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…


Need an Alternative to AMRDEC SAFE’s File Service? Start Here

November 29, 2018

AMRDEC SAFE Shut Down Due to Security Issues Bad news for the U.S. army: AMRDEC SAFE, the Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange service that…


How 3 Financial Institutions Solve File Transfer Needs with MFT Software

November 26, 2018

On a scale of 1-10, how would you rate the efficiency of your file transfers right now? If you use manual scripts, legacy software, or a myriad of free tools to balance your encryption, automation,…


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…