Mobile Computing

The Top 5 Ways to Improve Smartphone Security

Eddie SchwartzEddie Schwartz is the international vice president of ISACA (formerly Information Systems Audit and Control Association), chair of ISACA’s Cybersecurity Task Force, and president and COO of WhiteOps. In this interview, he discusses ISACA’s recent survey about mobile device security.

THE Journal: Who responded to the survey, and how many respondents were there?

Eddie Schwartz: ISACA surveyed more than 900 cybersecurity professionals globally, who are members of the association.

THE Journal: What was the biggest mobile security concern cited in the survey?

Schwartz: Although not directly addressed in the survey, ISACA members have expressed the following concerns: problems with authentication, malware on certain operating systems, mobile device theft and mobile applications security.

THE Journal: According to the survey, at what age should students start learning about mobile security? How much mobile security training do they need?

Schwartz: More than 8 in 10 U.S.-based cybersecurity survey respondents say students should learn about mobile security by age 13.

Just as we teach kids to look both ways when crossing the street, we should teach them the fundamentals of Internet safety from an early age and continue to evolve that training into middle school and high school. This progressive education and training in Internet security is necessary for both their personal and professional safety.

Internet security is a problem and should be a concern not just for people entering the IT field; it should be a concern for everyone, everywhere.

Top 5 Ways to Improve Smartphone Security

According to the cybersecurity professionals who answered ISACA’s survey, here are the five best ways to  improve the security of a student’s smartphone:

  1. Require a PIN or password to protect the phone.
  2. Install parental control software.
  3. Ensure the ability to remotely wipe or shut down the device.
  4. Install mobile security software.
  5. Ensure the phone doesn’t automatically connect to public Wi-Fi networks.

THE Journal: You give a top five list (see sidebar) of ways to improve the security of a mobile device, but what about maintaining the security and the privacy of students’ software?

Schwartz: Just like any security problem that corporations face, schools at every level need to have strong, comprehensive security programs in place. And if they don’t have the competency in-house, they need to seek service providers who can do the work for them.

THE Journal: What role do you think ISPs and search engine companies should play in keeping students safe online?

Schwartz: ISPs and search engine companies can offer tools for parental controls for those parents seeking to filter Internet results and information they feel is objectionable or may violate their security and privacy.

THE Journal: Are there any other key takeaways from the survey that might interest tech-savvy educators?

Schwartz: First, while threats to mobile security are growing, there is a shortage of cybersecurity professionals in the world to combat them. Those in secondary education should consider recommending a cybersecurity career path and point out the need for growth in this space.

Second, because there is this shortage of skilled cybersecurity professionals and because cybersecurity is difficult, educational institutions need to think hard about whether they have the necessary security in place to protect the privacy of student information. They need to look inside to see if they are adequate and have the skills for a strong, comprehensive security program or if they need to look outside to get the job done.

THE Journal: Given the concerns revealed in the survey, what concrete action is ISACA taking to help improve mobile security? And what other steps would you suggest schools and districts to take?

Schwartz: As part of ISACA’s training, we stress mobile security as a key area of concern for security professionals. To provide guidance, ISACA released a white paper, Securing Mobile Devices, and has offered webinars and virtual conferences on the topic.

Schools and districts should look inside their organizations, do an assessment of how they are approaching mobility, use ISACA’s guide to be sure they have the appropriate security in place and seek outside help if there is a gap in what they can do.

Security is not just a problem in the area of mobile devices. Emerging technologies also should be evaluated in schools of all levels. They need to ask themselves if they have locked these areas down adequately, also. ISACA is providing education and tools to help these organizations do that.

About the Author

Christopher Piehler is the former editor-in-chief of THE Journal.