to Overcome Vulnerabilities in Your DSD Mobile Security Strategy

Whitepaper 

5Ways 

to Overcome 

Vulnerabilities in 

Your DSD Mobile 

Security Strategy

5 Ways to Overcome Vulnerabilities in your 

DSD Mobile Security Strategy 

Introduction 

Thanks to advances in mobile technology, you hold a world 

of information in your hands. Merely a decade ago, the notion 

of holding a full-powered computer in your palm was a novel 

idea. Today, it’s your business partner—and productivity would 

plummet without it. 

Anyone who works in the direct store delivery (DSD) environment 

understands the value in the progression of mobile technology 

and wireless access. The pre-sale environment is increasingly 

defined by low-cost wireless order transmission. And a delivery 

process that used to require 48 hours has been slashed in half, 

driving the market—including your customers—to demand 

faster, more accurate and more cost-effective service. The DSD 

distribution chain, from plants to wholesaler warehouses and sales 

departments, today insists on increased productivity and near 

real-time communications: on-the-spot messaging capabilities so 

products flow to the right places, exactly when they’re needed and 

in the precise quantities desired. 

While the rewards of mobile sales and delivery management 

are notable, there are new risks to consider. In fact, the risks 

related to mobile devices are increasing. There are more and 

more attacks aimed at snooping wireless 802.11 (“WiFi”) 

communications and Bluetooth® technology (a wireless 

standard for short-range data sharing), and an increasing 

number of worms and viruses targeting mobile operating 

systems. Just as viruses, worms, and spyware evolved, from 

targeting floppy disks and spreading through sharing files in the 

1980s to exploiting e-mail and the Web in the 1990s, attackers 

will continue to follow technology wherever it goes. Your 

business needs to have the right defenses in place to protect 

against these threats—malicious viruses, eavesdroppers and 

attack exploits that threaten the integrity and confidentiality of 

your information. 

Networks are built to facilitate the ease of communication. 

They’re based on standards that aim to enable the free flow 

of information and access from anywhere. But this increases 

complexity and makes them quite vulnerable to those who 

would tap in and destroy data—just because they can. However, 

with the right set of tools and proper management, the 

potential for danger can be diminished dramatically. But it does 

take an ongoing commitment to security. 

Because mobile technology leaves the relative security, stability 

and comfort found behind the corporate bricks and mortar, your IT 

department must manage and update handheld systems properly. 

Every effective security strategy and technology that protects the 

core company network and systems can be applied to each device, 

no matter how small, mobile or dedicated its function. 

What You Will Learn in This Report 

This report highlights the five most common vulnerabilities 

that weaken mobile IT security for many businesses, and what 

you should do to overcome them. It underlines the importance 

of establishing a specific mobile security strategy and describes 

the technologies and processes that should be implemented 

to help ensure device connectivity and availability remain high, 

and that the information residing on these devices stays private 

and secure. 

Five Ways to Overcome Vulnerabilities 

in Your DSD Mobile Security Strategy 

1 Lack of a Cohesive Mobile 

Security Policy 

Just as your IT department has security policies in place for 

corporate servers, desktops and notebooks, (such as regularly 

patching software, updating firewall rules and having anti-virus 

protection in place) the same scrutiny must be given to all 

mobile devices that carry and transmit company information. 

The first step is to inventory all mobile devices in the field, who 

is assigned to each, and how they’re being used. The goal is 

to establish a baseline security framework to ensure that the 

devices and information are properly maintained, and that they 

minimize risk to the corporate network and applications when 

they connect. 

Vital aspects of your policy should include: 

• Deciding which devices and/or users will be permitted to 

connect to internal applications and communication servers 

and how they’re authenticated (by the device, assigned IP 

address, and/or username and password, etc.) 

• Establishing policies on password strength (how many 

characters, how many need to be upper-case, the mix of 

numbers and letters, etc.) 

• Determining how data will be protected (encryption, 

password access to the device, etc.) on the device 

• Establishing security during transmission. If you’re relying 

on a private network carrier that encrypts data transmission, 

you may already have this vulnerability solved. If users 

connect remotely from WiFi hotspots, or transmit by 

synchronizing from remote PCs, you’ll want to consider 

deploying a virtual private network (VPN). 

2



You’ll also need formal policies that mandate how and when 

mobile devices will receive application and operating system 

security patches and updates, as well as how they’re protected 

from malicious software, such as viruses, worms and Trojan 

horses. These suggestions are a good starting point. But your IT 

department needs to be your central ally when establishing your 

mobile security policies and strategy. Lean on IT for advice. 

2 Ignoring 

It doesn’t matter how many controls companies put into 

place: data encryption, secure network transmission, anti-virus 

software, strong passwords: all of these can be circumvented 

if employees and contractors aren’t made aware of the risks. 

Lack of understanding is one of the primary reasons why many 

users view security software and policies as barriers that slow 

down their efficiency. The fact is that security actually enables 

organizations to safely conduct business remotely, in ways that 

don’t jeopardize the availability or integrity of information and 

networks. By educating users through e-mail newsletters or 

training sessions, they’ll understand the risks to your business 

when security policies aren’t followed. Few people understand 

the risks associated with mobile viruses, or with connecting to 

the network from a public hotspot or café. Studies show that 

users who experience security training are less likely to visit 

potentially malicious Web sites, share their password with a 

crafty social engineer, or make other security-related mistakes. 

3 Not 

Security Awareness 

Training 

Securing Data in 

Transmission 

How you secure data as it is transmitted to and from your 

mobile devices and corporate applications depends largely on 

the type of network you utilize. If you’re using a private network, 

such as those provided by the major telecommunication 

carriers, your transmissions may be encrypted already and will 

be much more difficult for potential attackers to identify. If 

devices are connecting from external hotspots, the only safe 

assumption is that anyone can access, read and modify what’s 

being transmitted. In addition, if users are connecting to home 

or remote PCs, synchronizing and then transmitting data, that 

traffic also can be accessed easily. In these cases, you’ll need 

to deploy a VPN. VPNs help to authenticate that the user 

accessing your network or applications is legitimate; then, 

all communication that travels between the device and your 

network is securely encrypted within the VPN “tunnel.” Now, 

anyone trying to eavesdrop on the communication will see 

only gibberish because it’s scrambled on the device before it’s 

transmitted and decrypted on the other end of the connection. 

Anyone without VPN credentials is kept out. 

4 Not 

Securing Mobile 

Device Data 

News stories about large corporations, government agencies 

and other organizations losing notebooks, handheld devices 

and removable storage media abound. One of the most crucial 

aspects of your security strategy needs to be putting into place 

defenses that protect not only the device itself, but also the 

information it contains, including user names and passwords 

that could be used to access even more sensitive corporate 

information and network systems. 

First, these devices are easily lost. So, make certain that 

any sensitive information users don’t need isn’t stored on 

handhelds: customer numbers, passwords and sensitive financial 

information. Whatever is confidential and you wouldn’t want 

competitors or business partners to access should not reside 

permanently on the device or persist there any longer than 

necessary. Likewise, whenever upgrading to a new device, take 

care to remove all information before the device is discarded. 

Second, utilizing user names and passwords goes a long way to 

keeping unauthorized users from accessing applications on the 

device. Check with your DSD software provider to see if it offers 

capabilities to centrally manage user passwords. If necessary, 

consider installing third-party software that will enable you to 

centrally manage user names, or PINs, that can be used to lock 

down the device when it hasn’t been used for several minutes. 

Ideally, look for software that provides the ability to wipe the 

device clean after a certain number of invalid login attempts. 

But be careful: these controls need to be centrally managed. If 

users have the ability to set and change their own passwords, 

managers and even the IT team may not be able to access 

information on the device should the employment status of 

the user change. Locking down the device will not protect the 

data if it is stored on removable media. Removable media cards 

can be inserted into another device to gain access to your data. 

Make sure sensitive data is stored in an encrypted format or 

storage card encryption is used. 

At a fundamental level, all wireless communications, including 

Bluetooth capabilities, need special attention. If there’s no need 

for users to share data with other mobile devices, PCs, or cell 

3



phones, consider turning off Bluetooth and WiFi capabilities in 

all devices. Attackers have devised many ways to gain control 

and access Bluetooth- and WiFi-enabled devices. Whenever 

these capabilities are enabled, the device may broadcast its 

presence, making it too accessible to intruders and even mobile 

threats, such as Trojans and viruses. While the threat is real only 

at close proximity, the threat is still real, especially at hightraffic 

locations, such as WiFi hotspots, gas stations, airports, 

train stations and similar locations. When Bluetooth connections 

are necessary, make certain that users connect only to trusted 

devices through a process known as “pairing,” in which known 

users share a PIN to establish device connection. Likewise, turn 

off adhoc connections for 802.11. The bottom line is that your 

software should have the capability to turn off wireless devices 

if they’re not in use to limit availability. 

Finally, some DSD providers offer the ability to remotely 

deauthenticate devices. In the event that a device is lost or 

stolen, and it tries to establish a network connection, the 

data on the device can be removed and all access privileges 

associated with the device revoked. 

5 Not 

Implementing 

Anti-Virus Software 

It’s imperative that your anti-virus and business applications 

are compatible. Check with your IT department to install an 

anti-virus application that is centrally configurable—so every 

device has the same high levels of protection. Well-known and 

established anti-virus software vendors usually are the best 

choice: the software tends to be more easily manageable, has 

fewer compatibility issues, and the anti-virus updates come 

quickly—giving you swift protection from new threats. 

Conclusion 

While DSD mobile initiatives help win more shelf space, provide 

on-the-spot consulting with up-to-the minute information, 

and drive down delivery costs, the security of mobile devices 

on which these capabilities depends can’t be overlooked. You 

and your IT department should approach the security of your 

mobile devices as part of your company’s overall security and 

availability strategy. For more information about providing 

secure DSD capabilities, make sure your DSD vendor can help 

you craft a strategy that enables you to accelerate your business, 

improve sales margins, and cut costs—securely. 

Attackers are increasingly targeting mobile devices. They’re 

crafting viruses, spyware and Trojan horses to spread via these 

devices and infect mobile operating systems. These malicious 

applications can be designed to do everything they do to 

traditional PCs: destroy software and data, and capture sensitive 

information. Most major anti-virus software vendors now make 

security applications designed to protect handheld devices 

from such infestations—and while mobile viruses and snooping 

software aren’t as prevalent today as those aimed at desktops, 

security analysts expect this to soon change. Protecting mobile 

devices from these threats is essential. You need to protect 

these devices whenever they’re synchronizing, connecting at 

hotspots, using Bluetooth, or checking e-mail. 

© 2005-2008,2011 HighJump Software Inc. All rights reserved. HighJump is a trademark of HighJump Software Inc. 

4

to Overcome Vulnerabilities in Your DSD Mobile Security Strategy

Create successful ePaper yourself

Delete template?

Save as template?