The Enterprise Mobility Management system checklist outlines steps for device management, authentication, app and network security as well as defending enterprise systems from mobile devices.
With an increasing number of enterprise threats coming through mobile devices, the Cybersecurity and Infrastructure Security Agency has issued guidance to help government agencies and private-sector organizations better secure their mobile devices.
The Enterprise Mobility Management (EMM) system checklist outlines steps for device management, authentication, app and network security as well as defending enterprise systems from mobile devices.
When selecting devices for enterprise use, agencies should keep an eye on supply chain risks and require devices to be trusted – meaning, configured to enterprise standards and continuously monitored, CISA advises. Platforms should be automatically patched and updated through a mobile device management system, and all devices should be denied access to enterprise resources until they meet agency standards.
Strong passwords and PINs should be enforced, as should two-factor authentication for access to agency networks. For maximum protection, CISA recommends agencies consider biometric authentication through face or fingerprint recognition.
Agencies should disable third-party app stores to ensure that employees use only approved apps. They should also restrict mobile apps’ permissions to access camera or location data as well as syncing of enterprise data. Security containers can help agencies isolate agency data and prevent exfiltration of enterprise data to personal apps, CISA suggests. Individual devices can be protected from malicious software with a mobile threat defense system. Agencies should also be able to wipe a device’s data if it is lost or has too many login attempts.
Communications can be protected by disabling Bluetooth, Wi-Fi and GPS networks when they are not in use. Agencies should also configure their EMM to use VPNs between devices and enterprise networks.
Above all, agencies should not allow mobile devices to connect to critical enterprise PCs, servers or operational technology systems. The EMM should be configured to disallow devices to connect to critical systems via USB or wireless.
CISA also issued companion mobile cyber hygiene guidance for consumers, covering the use of strong authentication and automatic operating system updates.