NIST NCCoE Releases Mobile Device Security Guide

The National Cybersecurity Center of Excellence (NCCoE) has released final guidance on mobile device security to help organizations secure mobile devices and prevent data breaches.

Mobile devices offer convenience and allow data to be accessed from any location. Not only do they allow healthcare organizations to make cost savings, they are vital for remote workers who need access to patients’ health information. Mobile devices allow onsite and offsite workers to communicate information quickly and they can help to improve patient care and outcomes.

However, mobile devices introduce security risks. Stolen devices can be used to gain access to corporate email accounts, contacts, calendars, and other sensitive information stored on the devices or accessible through them.

There have been many cases where mobile healthcare devices have been lost or stolen, causing the exposure of patients’ protected health information. Mobile device security failures have resulted in several financial penalties for HIPAA covered entities, including a $4,348,000 civil monetary penalty for the University of Texas MD Anderson Cancer Center in 2018.

In healthcare, securing mobile devices and protecting sensitive data can be a major challenge. To help businesses and healthcare organizations improve mobile device security, NIST/NCCoE developed a Mobile Device Security Practice Guide.

The Guide – NIST Special Publication 1800-4 Mobile Device Security: Cloud & Hybrid Builds – gives practical advice on how commercially available technologies can be used to create an enterprise mobility management system that ensures mobile devices can be used to securely access sensitive information from inside and outside the corporate network while minimizing the impact on the user experience.

By using the guide, organizations can ensure that employees can access vital information safely and securely from almost any location, over any network, on a range of mobile devices, while minimizing mobile device security risks.

The guide can be used to securely implement BYOD and COPE deployment models and leverage cloud services to improve security, enhance visibility for system administrators, provide instant alerts about security events, and push policies out to mobile devices and enforce them through operating systems or mobile applications.

The guide includes several how-to examples that demonstrate how standards-based technologies can be used in real-world situations to reduce the risk of unauthorized data access and intrusions while saving on research and proof-of-concept costs.

The guide can be viewed or downloaded from NIST/NCCoE.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.