Mobile Device Security Tutorial

Security for mobile devices differs in different kinds of organizations. Enterprise organizations, for instance, must protect intellectual property, personally identifiable information and proprietary competitive data. IT security standards at most companies would likely require among other things wiping data from lost smart phones, tablets or laptops.

By contrast, K-12 school districts that control access to Internet and network sites and what is stored on mobile devices may not have proprietary concerns. “Typically, this material will be open source — coursework and research in math, history, English and so on,” says Eric Green, director with Atlanta, Ga.-based Mobile Active Defense, a company that develops software to secure mobile devices. “Security for primary and secondary schools has to do with controlling access through username resolution, managing and monitoring how students and staff use devices and ensuring that the devices capable of accessing the district’s network conform to district policies.

“This involves making the devices tamper resistant and creating a system of content filtering that students can’t turn off or change — that’s important because students make up the primary group of cyber attackers in K-12 schools.”

A school IT department should also build a public key infrastructure with certificate authentication, set comprehensive policies and manage the policies carefully, continues Green.

The mobile security structure for the district network should include content filtering that might for instance include blocking hacker sites, gambling sites and pornography sites. Green calls these three good examples of the types of sites that must be blocked — for the network generally. “These three kinds of sites tend to be sites with malicious stuff,” he says.

Management goes beyond blocking and filtering technologies. Green recommends personal intervention with positive and negative reinforcement.

Negative reinforcement might involve calling a student in and telling him or her: You tried to go around a network policy and security precaution that blocks an Internet site. This policy is important to your safety and the safety of other students and teachers using the network. Our security system recorded what you did and reported it. You must change your behavior and abide by security policies or you won’t be able to use the network to access the Internet anymore.

On the positive side, you might tell students that they are moving up a grade and so qualify to access more Internet content. If you handle these new privileges appropriately, we’ll expand access again. “Positive reinforcement gives students incentives to comply with policies,” Green says.

The BYOD variable

Schools that rely on students to bring their own mobile devices have different security challenges. According to Green, one key BYOD policy involves requiring mobile users to access the school’s WiFi instead of using their own mobile and cell networks — IT, of course, can’t block and filter those networks without significant device level controls in place.

“Risks and vulnerabilities arise from the characteristics of particular devices,” Green notes. “For example, Apple iPhones and iPads allow users to delete management controls, while Samsung devices provide real security controls, allowing an administrator to lock devices down and prevent certain actions. In other areas, however, Samsung has fewer management capabilities.”

Bandwidth management

Green also urges IT security directors to track usage throughout the day and evaluate it in terms of available bandwidth. “You can use the content filter and mobile firewall to manage bandwidth, too,” he says. “The risk here is that you use all of your tools to manage security, and the network still goes down because all the kids decide to watch television on permitted sites one afternoon.”

It is beyond the scope of this article to provide a comprehensive treatment of mobile device security, but public key infrastructure, blocking and filtering, comprehensive policies and careful management of online activities as well as bandwidth stand out as key issues to consider.

This article originally appeared in the issue of .

About the Author

Paul Timm, PSP, is the president of Chicago-based RETA Security and is the author of “School Security: How to Build and Strengthen a School Safety Program.” He can be reached via www.retasecurity.com, www.twitter.com/schoolsecurity or www.facebook.com/safeschools1.

Featured

  • Abstract colorful arrows in front of a contemporary university building

    Spaces4Learning 2025 Trends in Higher Education

    With 2025 well underway, it’s time to take a look at some broader trends submitted by you, our Spaces4Learning readership. We asked for your thoughts on topics like classroom design, health & safety, materials & construction, and technology in both K–12 and higher-education environments. Below is a roundup of 2025 trends in higher education from the experts in the trenches.

  • Designing a Performing Arts Center from a PE Perspective

    Designing a top-tier performing arts facility for a high school is a complex endeavor that demands a delicate balance between advanced technical specifications and practical budget considerations. Nevertheless, it represents a crucial initiative that enriches educational and community engagements.

  • Georgia High School Debuts 500-Seat Esports Arena

    Cass High School in Bartow County, Ga., recently announced the opening of a new, 7,000-square-foot Esports Arena, according to a news release. The Bartow County School System partnered with Extron AV Technology on the project.

  • UT-Austin Breaks Ground on 17-Story Business School

    The University of Texas at Austin recently broke ground on a new, 17-story facility that will serve as the new home for the school’s McCombs School of Business, according to university news. The groundbreaking ceremony took place on April 10 for Mulva Hall, which will include amenities like classrooms, academic department suites, research centers, faculty offices, the dean’s office, and gathering spaces.

Digital Edition