Mainly, public wireless LAN and private wireless LAN access environment using Wi-Fi and Bluetooth function is very easy to infiltrate malicious code or attack hacking.
To this result, mobile security policy is needed to prevent leakage of corporate information as well as personal damage.
The use of mobile equipment, physical protection, access control, including VPN, encryption, virus policy, internal network and connection security policy should be managed, and security training for users of mobile equipment should be conducted on a regular basis.
Moreover, KR suggests that security procedures should be established during remote work and proper identification, authentication, and access control measures should be established when accessing the internal network via the public network, and recovery and management of access rights and equipment should be completed.
In addition, the classification society prompts smartphone users to follow some rules, to ensure their's and their company's safety:
- Do not download suspicious applications, do not visit untrusted sites;
- Delete unclear or suspicious messages and messages from senders;
- Use the password setting function and change password on a regular basis;
- Always update operating systems and anti-virus programs to the latest version.
Moreover, the company shall establish security policy to control the use of corporate mobile devices and employee owned mobile devices.
Also, each company must define the mobile devices and functions available and identify the devices that are used, as well.
The Korean Register gives examples on a possible Mobile Security Policy Checklist one could provide, to mitigate the risk of attack. For instance:
- Periodically check for vulnerabilities in mobile services (ex. viruses and malicious code vulnerabilities) and keep operating systems and vaccine programs up-to-date;
- Important information is encrypted and stored when processing work through mobile devices. Inevitable cases, the information is deleted after the end of the work;
- Downloading suspicious applications, removing unclear messages and messages from senders, or visiting unreliable sites is prohibited.
Concluding, the corporation ought to prevent mobile devices used by employees from accessing unauthorized access points(Rogue Access Points) that are exploited for malicious code infections or hacking.