Tom Dean of Consulting Adventures joins Felicia for part three of the analysis on mobile devices and the problems with them.

• OKTA breach, IT admin’s password getting stored in gmail password synced manager
• Two-way problems. Personal on business and business on personal
• Lack of clarity around device wipe, device use policies, apps running on devices
• Compliance is easier when business owns the asset and delineation of ownership of asset and data is clear.
• If the configurations are not managed, the cost profile to the company is a lot higher.
• Credentials and MFA spill over in both directions
• Data compliance issues
• DLP and encryption issues
• Lack of ability to define device security settings like PINs
• How are you doing effective device configuration backups?
• How do you prevent malicious apps from being installed on the devices?
• How do you have leveraged support capabilities from the mobile devices?
• Asset inventory is mandatory
• Compliance costs can be drastically reduced by having company owned assets that only get approved applications. This is another reason why end users CANNOT have admin access.
• No VPN access until someone has been part of the company for 30 days.
• Onboarding and offboarding is crucial to information security

Information security is not a technical controls issue, it is a HR management issue.

 

Verizon fell for fake “search warrant,” gave victim’s phone data to stalker

https://arstechnica.com/tech-policy/2023/12/verizon-fell-for-fake-search-warrant-gave-victims-phone-data-to-stalker/

As if all that wasn't bad enough, if an employee of a company has issues in their personal life, it will spill over to business and especially in the context of allowed personal use of company assets.