The healthcare sector has long been a major target for cyber-attackers – take last year's UK National Health Service breach as a prime example – but, with the exponential growth and availability of mobile devices, new security threats are emerging.
The growing popularity of mobile devices has led cybercriminals to see them as a new avenue for attack. Mobile device malware infections surged 96% from 2015 to 2016, according to the Nokia Threat Intelligence Report. A report by McAfee Labs predicts that this trend will continue its growth in 2017, with ransomware, banking trojans, and remote access tools among the leading threats.
With headlines about data breaches and identity theft rarely leaving the news cycle, most healthcare professionals now understand the need to protect desktops and laptops from online hazards. But they often don’t realize that they face the same threats, as well as a whole host of new ones, with their mobile devices.
While data security is paramount within any industry, its importance within healthcare is absolute. The loss of, or interference with, a patient's sensitive data could lead to a life or death situation, so ensuring that mobile device security is maintained is imperative.
Healthcare organizations should ensure they have comprehensive mobile device security and, if appropriate, BYOD policies which include stringent rules covering security. To avoid device data breaches, it is important that staff take an active role in mobility security.
The following 10 mobile device security precautions will help staff keep their individual devices and data safe and may be included in your organization's device policy.
1. Always Use Password Protection
Password protection is one of the most basic security precautions you can take to protect your device, but one that is frequently overlooked. A study by Kapersky Lab found that 19% of smartphone users and 23% of tablet users do not use any form of password protection – the equivalent of leaving the door wide open to attack.
For the best protection, choosing a strong and unique password that incorporates a mixture of letters and numbers is preferable. But utilizing a passcode alongside a biometric security measure, such as a 6-digit password alongside fingerprint recognition offers a similar level of protection.
2. Ensure Your Device Auto-Locks When Not in Use
If you set up password protection on your mobile device but then constantly leave it unlocked, the benefit is lost.
The majority of mobile devices offer an auto-lock feature that locks it after a period of inactivity. Choosing the shortest timeout is the safest option, even if it does feel inconvenient to continuously re-enter passwords.
3. Install Security Software
Your mobile device is a highly complex piece of computing equipment and should be protected accordingly.
There is a vast number of viruses that can cause considerable damage, but installing security software that includes malware prevention, remote data wipe, and an advisory assistant that can alert you to potential risks will help keep your device secure.
In a recent study, Kapersky Lab found that only 46% of users have protected their devices with both a password and a security solution. While there is no one solution that offers complete protection, by combining different safety measures you can make sure your mobile device has the best possible protection.
4. Don’t Ignore Updates
Software updates may seem like a waste of time, especially since they can put devices temporarily out of action, but they typically include fixes for security issues found in older versions, so it’s important to not put them off.
The longer you wait to update operating systems, the longer your mobile device may be at risk from a vulnerability that could have been fixed immediately.
5. Turn Off Wi-Fi Auto-connect
Many healthcare facilities will have their own private, secure network for staff, also known as a VPN, where software is used to encrypt a session across an otherwise public network. But it is also common to see free public networks that visitors can access which don't have the same security protocols.
Free public Wi-Fi sounds great in theory, but it comes with a whole host of security threats that make it very easy for hackers to intercept and capture information.
Mobile devices often have an auto-connect function that constantly probes for wireless networks and automatically connects when one is found. Turning this function off will reduce the risk of connecting to unsecured networks and reduce hackers' ability to intercept your data.
6. Be Wary of Unknown Links
The most efficient way for thieves to hack a mobile device is by encouraging the user to click on a link that immediately installs malware that can corrupt or steal information.
These phishing links are frequently sent via SMS or email, and although some network and email providers add extra layers of security protection, a good rule of thumb is to never click a link or open an email if you are suspicious of the content.
7. Use Lock Code Vaults
The modern-day professional has any number of different passwords at their disposable, and many store these passwords in their mobile device to ensure they’re not forgotten.
If your device's primary passcode falls into the wrong hands then all your data is at risk, including personal or work-related materials. Vault applications add an additional layer of security by protecting data with a secondary code, and many come with the function of wiping everything after several unsuccessful log in attempts.
8. Only Download Secure Applications
Ensuring that all apps are downloaded from secure sources, such as the App Store or Google Play Store, will help to maintain your mobile devices’ data security.
Apps represent a fertile ground for infection, and if hackers find a security hole in an app, they can exploit it to access all data on the mobile device. Updating regularly, and deleting those applications that are no longer in use, can also help to maintain mobile device security.
9. Don’t Be Tempted to Root or Jailbreak Your Device
Jailbreaking is the act of changing a device's software to remove all restrictions and limitations imposed by the provider. This allows users to install specialized software that has additional functionality and download applications from any number of providers.
However, jailbreaking your device usually involves breaking down the operating system, and the security protocols housed within it, reducing the protective capabilities of your mobile device and making it more vulnerable to hackers.
10. Keep Location Settings Enabled
This is a solution less focused on protecting your device from being stolen and much more concerned about getting your handset back should you lose it. Activating “Find my iPhone” or “Android Device Manager” can allow you to track your device’s location when it’s lost, or, in the event it’s been stolen, you can use these features to remotely wipe data so that it doesn’t fall into the wrong hands.
Keeping mobile devices safe and secure is extremely important within the healthcare industry, and protecting personal data as well as patient information is imperative. These 10 security tips act as a framework to help better protect your mobile device from hackers and other security threats. But to ensure you are as well protected as possible and security continues to be a priority, investing in a full lifecycle mobility management partner is essential.
To learn more about how Cass can help manage large-scale device deployments, including BYOD, within the healthcare industry, contact us today. Alternatively, gain a deeper insight into the global Telecom Expense Management environment by downloading our BYOD Policy Guide.