Archive for May, 2012

As we’ve seen over the last several years, mobile security continues to dominate the headlines and trade show chatter. So how is the conversation around mobile security taking shape so far in 2012: what’s new, and what can we expect? Here’s a round-up of what top security experts and thinkers are predicting.

  • Anti-Theft Protection – “If mobile devices aren’t under attack to the extent that PCs are, mobile devices still carry a well-known security risk: they tend to get lost or stolen. That fact alone should be reason enough for businesses to take a more rigorous approach to securing mobile devices, including tracking them when they go missing, and ensuring that remote-wipe capabilities are in place should it be too difficult to recover the devices.”—Mathew J. Schwartz, journalist at InformationWeek.
  • Mobile VPN – “A VPN that is designed to easily adapt to network changes and that enables seamless mobile roaming is the best option for teleworkers. Solutions should allow devices to automatically change between 3G/4G, Wi-Fi and LAN networks, for example, redirecting the VPN tunnel without interrupting mobile computing sessions. The VPN should also automatically recognize secure and unsecure networks, activating the appropriate firewall and security policies as needed.”—Rainer Enders, CTO Americas, NCP engineering.
  • Malvertising – “Malvertising has been one of the banes of Web for years and it is starting to go mobile. Malvertising is when there are genuine looking ads that link back to fraudulent sites that can download malware to a device.”—Dan Rowinski, journalist at ReadWriteWeb.
  • Sensitive Data Breaches – “Hackers are targeting mobile platforms not just because they can but also because these devices offer a treasure of personal and financial information…2012 will likely be the year that you start doing your personal banking on a cell phone. Banks are taking heed that customers demand websites that are functional on smart phone or tablet-sized touchscreens as well as apps that put account access a touch away. With the spread of Near Field Communication technology in the newest generation of phones, this may be the year that you start to reach for the phone instead of a credit card at the checkout counter.”—Erin Nealy Cox, contributor at Forbes.
  • Increasing Employee Protection – “Securing mobile devices goes beyond traditional network security considerations and IT security managers have to consider whether they want to have firewalls on these devices, as well as if employees are even going to allow for the installation of security controls on their smartphones and tablets.”—Andrew Hay, Senior Security Analyst at 451 Research.
  • BYOD Complacency – The bring-your-own-device (BYOD) trend doesn’t seem to worry security professionals: 44% say mobile devices present only a minor threat, compared with 25% who say they are a major threat. The numbers were similar in 2011. “Respondents who perceive mobile devices as a security threat say the loss of a device is the most significant security concern with mobile devices, and we agree. These devices are easy to lose and easy to steal, so remediating the effects of a loss or theft should be the top priority for security teams.” – Michael A. Davis, CEO of Savid Technologies, a technology and security consulting firm.
What do you consider to be the biggest mobile security trends right now?

By Sylvia Rosen

Security breaches are, no doubt, terrible for business owners. But in the healthcare sector, these breaches intensify in their potential for causing humiliating, or potentially dangerous, ramifications.

In 2010, 42,275 people were affected by stolen paper healthcare records, encouraging hospitals to make the switch to electronic health records. Even so, industry experts say that electronic health records remain at risk from security breaches if they aren’t handled with care. Kroll Advisory Solutions found that the frequency of healthcare data breaches has increased steadily over the past six years, and the main cause is a lack of training and awareness among staff.

“Human error by employees was a major factor in health breaches, according to respondents [in the 2012 Kroll/HIMSS Analytics Report]. Of the respondents, 79% said security breaches were initiated by an employee, and 56% said breaches occurred because employees had unauthorized access to information.” – Brian T. Horowitz, health writer at eWeek.

“Any server or other data warehouse with patient health information must be securely protected. The expanded use of mobile devices offers new operational efficiencies and increased vulnerabilities. Security steps for mobile devices should be included in the action plans so that guidelines are set.” – Lisa Gallagher, senior director of privacy and security for HIMSS.

“Another significant takeaway [from the 2012 Kroll/HIMSS Analytics Report] is that mobile devices might be great for giving clinicians information at the point of care – but they’re not so good at keeping PHI safe. Nearly a third (31%) of respondents indicated that information available on a portable device was among the factors most likely to cause a breach (up from 2% in 2010 and 4% in 2008).” – Mike Millard, managing editor at Healthcare IT News.

“As healthcare organizations turn to sources like the cloud and like remote computing, one of the things I think that every healthcare organization should do is to look across its suite of applications, is for those they are not hosting, that are not running on a remote server, that are running in the cloud if you will. They should be asking the questions like, what logs are there, what security features are there, what record keeping is turned on? As we move toward portability of electronic medical records, as we move toward new and evolving systems of payment, you can be certain that the risk factors are going to change. So, I think the key is continual vigilance; you can never get to the point of saying it’s good enough. Because the best you can is say it is good enough right now, today, under the circumstances in which we find ourselves.” – Alan Brill, senior managing director at Kroll Inc.

Security breaches in the healthcare industry might be inevitable. But with employee training, awareness and advanced data encryption on devices, healthcare professionals stand a better chance at preventing their patients from turning into victims.

Sylvia Rosen is an online writer who writes on a variety of security topics, trends and tools such as document management systems.

Earlier this week, we explored the innumerable medical breakthroughs that could stem from mobile health innovations. Today, let’s look at the security considerations needed to enable them.

Security Must Be Paramount

Yet, considering how sensitive and valuable medical information is, proper precautions must be taken to secure this data before mobile health can become mainstream. For instance, if hackers or disloyal employees scan or manipulate health data that is sent via mobile applications, the consequences can range from embarrassment to, frankly, death. It’s easy to understand why ensuring these connections are secure is absolutely critical.

Mobile health, however, requires special VPN functionality. For instance, it requires both extremely high security and flexibility. After all, a healthcare application might use a potentially insecure public Wi-Fi network to communicate with the IT system of a hospital or a medical office. In order to maintain security in such a scenario, the VPN client must be able to automatically adapt to these security settings.

The same requirements apply to smartphones and tablets used by nurses in elderly or outpatient care. Such solutions relay patient information, from homes or hospitals, to the central database, typically via a VPN connection. So again, the VPN connection must be able to adapt flexibly to various network connections, given some amount of unpredictability in the locations. Also, considering that many healthcare workers are not trained in technology, the VPNs must be easy to use, so convenience is not traded for security.

There’s no doubt mobile health offers innumerable opportunities to lower the cost of healthcare and infinitely improve efficiencies and convenience. The question is, can we ensure that this is done securely?