Monday, May 09, 2011

Change in Default Mobile Security Stance and Mobile Device Acceptable Use Policy

Mobile Device Security Stance Change

Following recent notification from one of the servers we manage that an attempt was made by a rogue mobile device to connect to it we have changed the default security stance of all Exchange and Small Business Servers when it comes to Mobile devices.

By a mobile device I mean a mail enabled mobile phone or an iPad or similar slate device. Heretofore, the default security stance was to allow these devices to connect and then attempt to authenticate. However, given that mobile device connections are now becoming a favorite target we have decided to modify the default security stance of these servers and disable all mobile device connections for all users that are not specifically authorized by you to make such a connection. This will reduce the risk footprint considerably for all servers.

We have completed this work and will be sending you a list of mobile devices that have made connections to your servers and the user account that they are associated with. We will be asking you to verify that you have approved these connections. If you have not approved these connections we have two ways to proceed: disable the device from receiving future email, calendar, contact lists from the server or disable the device from receiving future email, calendar, contact lists from the server and wipe it of the data that it currently holds.

Mobile Device Acceptable Use Policy

On a related note our client, Community Legal Resources, recently distributed a large number of mobile devices to their employees and developed a well thought Mobile Device Policy. They have agreed to make this policy available to all of you in boilerplate form for your use. I would strongly encourage everyone to implement a mobile device acceptable use policy sooner rather than later. These devices are holding a significant amount of your companies corporate data and intellectual property and an acceptable use policy can help you secure it. I have made this document available to you via download from a new Sharepoint site that we have created to hold documents that we think you will find useful. Please download the policy and modify it for your individual business needs.

The website is ssl, username and password secured. Please ask or send an email to your technician for the account information.

I hope that you will find this boiler plate and the site helpful.

Labels: , , , , ,