Mobile devices such as smartphones, tablets and e-readers have penetrated every facet of our lives. mHealth is being touted as the most promising new mobile growth opportunity. Mobile technology offers healthcare a tremendous opportunity to provide timely information, diagnosis and care to patients. It also provides the vehicle for healthcare workers to go where they are needed, and for patients to be more proactive in preventive and ongoing care. This is especially the case for rural and senior individuals who may not have access to a traditional provider’s office.
However, what makes mobile devices valuable from a communication perspective also makes them risky. New risks have been introduced at the device, application and infrastructure levels, requiring a focus on security policy and strategy. We’ll discuss 5 of the top mobile threats and considerations.
1. Mobile malware is in its infancy and it’s going to grow. Highly standardized, rich, native APIs make writing malware easier and more scalable than on PCs. Malware can access browser history, location data, text and email data and contacts on mobile devices. There have been multiple instances of malware compromising a mobile operating system, attaching malicious code, collecting data from the phone and sending the information to a remote server.
2. You will lose devices, you will lose data. Mobile devices are highly portable and, as a result, prone to loss or theft. Mobile devices ship with multiple gigabytes of storage. Controlling what data is stored on the device is extremely difficult and can create significant data protection challenges. Remote wipe, often cited as a key data protection mechanism, has a high failure rate since savvy criminals can quickly remove the SIM card.
3. Who owns the device? Who owns the data? Significant data privacy and breach issues arise between employees and organizations as staff members use corporate devices for personal activities and personal devices for business purposes. The Bring-Your-Own-Device (BYOD) trend expands this gray area by raising policy and legal questions around monitoring, device wiping, and securing devices and data. As users continue to leverage cloud-based applications, knowing what data is in the cloud and what data is on a mobile device becomes increasingly complex.
4. Mobile device security solutions are still maturing. There are multiple dominant mobile operating systems (OS) and multiple carrier-specific implementations. This results in a more diverse environment than today’s desktop and laptop world. To date, there has been limited integration of Mobile Device Management (MDM) software and PC/server management tools. Solutions to help manage organization data and applications on mobile devices are still evolving.
5. The organization has less control in a mobile world. The rules of the game have changed. Doctors, staff and users are driving decisions around devices and applications, not information technology organizations. Unlike in the desktop/laptop space, users generally believe it is their right to add applications, especially if it’s an employee-owned device. Also, deployment control resides largely with the platform vendor, hardware manufacturer and carrier. IT support is rarely involved.
So what can you do? First, develop and implement a formal mobile device program and strategy, including policies, standards, penalties and sanctions. Next, consider the proper risk balance between control, efficiency, and what users require and want. Lastly, remember that managing the change to mobile technology without a formal process in place creates the opportunity for confusion, costly data breaches and business disruptions.