Security Threats of Mobile Devices

Although mobile access is convenient, its use potentially compromises the security of a company’s information system. Several measures can be undertaken to address the security threat imposed by mobile access of an entity’s information. Firstly, the company’s IT department should set up an authentication process that incorporates the use of a mobile device to access a system-generated four-digit PIN that will be used to access the system (Peltier et al. 31). The PIN should be different every time a user requests it. After the user has been authenticated, the next step entails ensuring they access the information resources that are appropriate. This step is referred to as access control, and it authorizes which user reads, writes, adds, or deletes information in the system (Peltier et al. 36). Thus, specific capabilities are assigned depending on the user’s position in the entity.

The other measure that should be employed to secure mobile access is the encryption of a company’s information. Encryption is the process of encoding data once it is transmitted or stored so that only authorized personnel can access it (Laudon et al. 53).  Both access control and encryption entail assigning approved configuration and security profile for every user accessing the company’s system. The IT department should also ensure that a hack-proof firewall is put in place. Firewalls, for instance, protects company’s data by guaranteeing that only users with a specific configuration can access the system (Laudon et al. 43). A firewall also restricts the flow of packets entering and leaving the organization. The company should also set up Intrusion Detection System (IDS) that serves to alert the company when their information system is on the verge of being accessed illegally.

Additionally, Virtual Private Network (VPN) should be created for employees wishing to access the company’s information system from a remote location. The VPN should be accompanied with necessary security measures to ensure that the overall security of the company’s database is not compromised. Ultimately, separate virtual Local Area Networks (LANs) should be created for untrusted devices, the use of wireless peripherals such as Bluetooth headsets blocked, and ensure all information traffic is filtered and audited (Laudon et al. 67).

Works Cited

Laudon, Kenneth C., and Jane P. Laudon. Management information system. Pearson Education India, 2016.

Peltier, Thomas R. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press, 2016.