Add as a preferred source on Google

Mobile Device Security Tutorial

  • By Paul Timm
  • 07/01/14

Security for mobile devices differs in different kinds of organizations. Enterprise organizations, for instance, must protect intellectual property, personally identifiable information and proprietary competitive data. IT security standards at most companies would likely require among other things wiping data from lost smart phones, tablets or laptops.

By contrast, K-12 school districts that control access to Internet and network sites and what is stored on mobile devices may not have proprietary concerns. “Typically, this material will be open source — coursework and research in math, history, English and so on,” says Eric Green, director with Atlanta, Ga.-based Mobile Active Defense, a company that develops software to secure mobile devices. “Security for primary and secondary schools has to do with controlling access through username resolution, managing and monitoring how students and staff use devices and ensuring that the devices capable of accessing the district’s network conform to district policies.

“This involves making the devices tamper resistant and creating a system of content filtering that students can’t turn off or change — that’s important because students make up the primary group of cyber attackers in K-12 schools.”

A school IT department should also build a public key infrastructure with certificate authentication, set comprehensive policies and manage the policies carefully, continues Green.

The mobile security structure for the district network should include content filtering that might for instance include blocking hacker sites, gambling sites and pornography sites. Green calls these three good examples of the types of sites that must be blocked — for the network generally. “These three kinds of sites tend to be sites with malicious stuff,” he says.

Management goes beyond blocking and filtering technologies. Green recommends personal intervention with positive and negative reinforcement.

Negative reinforcement might involve calling a student in and telling him or her: You tried to go around a network policy and security precaution that blocks an Internet site. This policy is important to your safety and the safety of other students and teachers using the network. Our security system recorded what you did and reported it. You must change your behavior and abide by security policies or you won’t be able to use the network to access the Internet anymore.

On the positive side, you might tell students that they are moving up a grade and so qualify to access more Internet content. If you handle these new privileges appropriately, we’ll expand access again. “Positive reinforcement gives students incentives to comply with policies,” Green says.

The BYOD variable

Schools that rely on students to bring their own mobile devices have different security challenges. According to Green, one key BYOD policy involves requiring mobile users to access the school’s WiFi instead of using their own mobile and cell networks — IT, of course, can’t block and filter those networks without significant device level controls in place.

“Risks and vulnerabilities arise from the characteristics of particular devices,” Green notes. “For example, Apple iPhones and iPads allow users to delete management controls, while Samsung devices provide real security controls, allowing an administrator to lock devices down and prevent certain actions. In other areas, however, Samsung has fewer management capabilities.”

Bandwidth management

Green also urges IT security directors to track usage throughout the day and evaluate it in terms of available bandwidth. “You can use the content filter and mobile firewall to manage bandwidth, too,” he says. “The risk here is that you use all of your tools to manage security, and the network still goes down because all the kids decide to watch television on permitted sites one afternoon.”

It is beyond the scope of this article to provide a comprehensive treatment of mobile device security, but public key infrastructure, blocking and filtering, comprehensive policies and careful management of online activities as well as bandwidth stand out as key issues to consider.

This article originally appeared in the issue of .

About the Author

Paul Timm, PSP, is the president of Chicago-based RETA Security and is the author of “School Security: How to Build and Strengthen a School Safety Program.” He can be reached via www.retasecurity.com, www.twitter.com/schoolsecurity or www.facebook.com/safeschools1.

Featured

  • Illinois District Boosts Security at High-School Stadium

    Richmond-Burton Community High School in Richmond, Ill., recently announced that it has completed the redesigned entrance to its high school stadium with a new focus on school security and community engagement, according to a news release. The district partnered with Wold Architects and Engineers on the project as part of District #157’s year-long facilities master plan.

  • LSU Breaks Ground on $200M Residential Project

    Louisiana State University in Baton Rouge, La., recently broke ground on a new residential complex, according to university news. The South Quad residential project will consist of two buildings and add a total of 1,266 beds for freshmen students. The development comes with a price tag of $200 million, and it’s scheduled to open to students in fall 2027.

  • New City School

    Turning Crisis into Opportunity: Transforming New City School

    When New City School in St. Louis suffered catastrophic flood damage in July 2022, the event could have marked a serious setback for the 100-year-old institution. Instead, it became a forward-looking opportunity.

  • iPark 87

    Building a Future-Focused Career and Technical Education Center

    A district superintendent shares his team's journey to aligning student passions with workforce demands, and why their new CTE center could be a model for districts nationwide.

Digital Edition