Like many federal agencies, the Department of Veterans Affairs has embarked on the journey of integrating iPhones and iPads as mobile solutions. The agency currently has 20,000 mobile devices, including iPhones and iPads along with some BlackBerries and a small number of Android devices. Despite the range of devices, the VA has been very active in trying to eliminate mobile data breaches and, according to the VA’s director of Mobile and Security Assurance Donald Kachman, the agency’s campaign has been extremely successful.
Kachman credits encryption technologies as a major factor in that success – 99% of all VA data is now secured around the clock on mobile devices and desktop PCs. The security approach is one that can be a model for any organization.
Encrypting data at all times, which is crucial given the sensitive nature of personal information that the VA handles, is just one of the policies that Kachman has implemented. In a recent interview with AOL Government, he offered five key guidelines that every company should consider implementing as part of its mobile strategy.
- When a VA device is lost, a user has one hour to report the missing device to the information security team. The data can be wiped off the device by the team and reinstated if the device is recovered.
- Every device must be encrypted.
- Use the software feature that prevents a screen from being copied, photographed or forwarded.
- Make sure a complex password is used that includes letters, numbers and symbols. Make sure it’s changed every three months.
- Adequate training is essential. The VA requires every employee to go through refresher training every year, and if they run over the one-year deadline to schedule training, they are locked out of the system.
Of those guidelines, one of the most important is the focus on training. Training and user education are areas where many organizations don’t measure up when it comes to rolling out mobile and bring your own device (BYOD) programs.