While mobile devices allow employees to work from various locations, their mobility makes them susceptible to loss and theft. Recent data indicate that mobile devices are under increasing attack by cyber-criminals exposing them to such risks as theft and introduction of malicious software, potentially disclosing sensitive information.
Given these vulnerabilities, the National Institute of Standards and Technology recommends agencies fully secure each mobile device before allowing a user to access it. Further, organizations should have a mobile device security policy to define what information employees can access with these devices.
The purpose of our report was to determine whether the Social Security Administration’s (SSA) mobile device security conformed with Federal standards and business best practices to mitigate unauthorized access to the Agency’s sensitive information.