0

8 Easy Steps to Combat Mobile Device Security Threats

Mobile Device SecurityMost of us love our tech devices and they have made our clinical practice much easier in innumerable ways. However, the use of these devices, including thumb drives, smartphones, external hard drives, tablets and laptops, can pose a serious risk of unintentionally exposing our clients’ personally identifiable information (PII) and protected health information (PHI).

As we increasingly rely on these devices, the risk of privacy incidents continues to escalate. In order to protect our clients and ourselves, we need to maintain constant vigilance against privacy breaches resulting from our use of mobile technology. Experts in the legal, IT, health care and technology fields have offered the following useful tips to keep your protected data secure:

  1. Be sure to configure mobile devices securely.
    1. Enable auto-lock. Require password protection and use complex passwords. It’s best to avoid the use of words and names and be sure to use a mix of upper and lower case letters, numbers and special characters.
    2. Avoid using auto-complete features that remember usernames or passwords.
    3. Configure your browser security settings for maximumprivacy protection.
    4. Enable remote wipe. Set up remote wipe processes that will “brick” (fully erase) the entire device when it is lost or stolen, rather than just wiping any encrypted data from the device. Be sure to back up all data maintained on the mobile device so in the event the device is lost or stolen, bricking of the entire device will not result in the permanent loss of critical data.
  2. Use encryption.
    1. All mobile devices and other media, such as USB drives, should be encrypted.
    2. Consider security options when shopping for your mobile devices. Some devices may offer more a higher level of data protection than others at the same price point.
    3. Don’t leave your laptop in “sleep mode” when not in use. Because sleep mode renders encryption ineffective, always do a complete shut down when your computer is going to be idle for a while or it you are going to transport it. Most users don’t realize that a laptop that is lost or stolen while in “sleep” mode is completely unprotected.
  3. Protect all mobile devices from malware, viruses and malicious applications and use anti-malware software when available.
    1. Install and auto-update anti-virus software and maintain up-to-date security signatures and engines.
    2. Consider purchasing cyber liability insurance.
    3. Avoid risky behavior. Don’t download applications and free software from unsanctioned sites. Keep security settings at the highest levels possible. Encrypt all data in transit. Promptly report and wipe any lost or stolen devices that may contain confidential and sensitive information. Use caution when opening e-mail and text message attachments or clicking on links.
    4. Be aware of current threats affecting mobile devices.
  4. Securely manage Wi-Fi and other wireless features.
    1. Only connect to secure Wi-Fi networks.
    2. Disable Bluetooth, infared or Wi-Fi when not in use.
    3. Set Bluetooth-enabled devices to non-discoverable mode whenever possible to render them invisible to unauthenticated devices.
  5. Update mobile devices regularly.
    1. Keep your software, including operating systems, mal-ware protection and applications, up to date. Enable automatic updates when available.
  6. Take appropriate physical security measures to prevent theft or enable recovery of mobile devices.
    1. Handle all mobile devices containing PHI using the same security precautions as any other medium containing confidential patient data.
    2. Never leave your mobile device unattended.
    3. Report lost or stolen devices immediately.
    4. Regularly back up all up data maintained on a mobile device for easy restoration in the event of loss.
    5. Cable locks can be used to secure laptops.
    6. USB locks can be installed on computers to prevent unauthorized data transfer through USB ports or thumbdrives.
    7. Install tracing and tracking software to locate your device in the event it is stolen or lost.
  7. Appropriately dispose of mobile devices that will no longer be used.
    1. Completely delete all information stored on a device prior to discarding, exchanging, or donating it.
    2. Consider using a professional service to sanitize discarded devices. Reputable services will guarantee that all sensitive or confidential data has been removed from the device prior to disposal.
  8. Develop a proactive mobile data security plan for your practice.
    1. Take your cues from the financial services industry. Mange PHI data on mobile devices with the same level of protection you use to manage secure financial data.
    2. Have a written mobile data security policy.
    3. Revise your mobile data security plan as new technology and security options become available
    4. Educate all employees and end users regarding appropriate data security.
    5. Include mobile data security training as a standard part of the HIPPA training you provide all employees of your practice.

Rate this post!

(1 raters, 5 scores, average: 5.00 out of 5)
Jill Squyres, Ph.D.

Clinical psychologist providing office-based services in Colorado’s Vail Valley and internet-based psychotherapy via secure teleconferencing to high functioning individuals with mood disorders, anxiety, stress, relationship concerns and health problems. Also provide counseling, coaching and mentoring services to enhance healthy living, satisfying relationships, career success, and personal growth and effectiveness. Available for media interviews, public speaking and consultation in stress management, healthy lifestyle, organizational effectiveness, enhancing productivity, team building, interpersonal dynamics, work/family balance, personal growth and success, coping skills training, parenting, relationship skills, problem solving, values clarification, career counseling and psychological issues in social media/internet use.


Leave a Reply

Name and email are required. Your email address will not be published.