Security Controls for Mobile Salesforce - Best Practices | Exam SY0-601 | CompTIA Security+

Mitigating Risk of Customer Data Leakage on Company-owned Smartphones


Question

A company is deploying smartphones for its mobile salesforce.

These devices are for personal and business use but are owned by the company.

Sales personnel will save new customer data via a custom application developed for the company.

This application will integrate with the contact information stored in the smartphones and will populate new customer records onto it.

The customer application's data is encrypted at rest, and the application's connection to the back office system is considered secure.

The Chief Information Security Officer (CISO) has concerns that customer contact information may be accidentally leaked due to the limited security capabilities of the devices and the planned controls.

Which of the following will be the MOST efficient security control to implement to lower this risk?

Answer

C.

Explanation

The company's CISO is concerned about accidental leakage of customer contact information due to the limited security capabilities of the smartphones being deployed for use by the mobile salesforce. Each option is evaluated below to identify the MOST efficient security control for mitigating this risk:

Option A: Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact information.

A mobile data loss prevention (DLP) agent is a software program that runs on mobile devices and helps prevent sensitive data from being leaked or compromised. It provides protection against unauthorized access, sharing, and transmission of data. This security control can prevent data leaks by preventing users from copying, transferring, or sending data outside the device.

However, this option may not be the most efficient because it can be complex and costly to implement, and it can negatively impact user productivity. Additionally, it may not prevent accidental data leakage if the user is not trying to manipulate the contact information.

Option B: Restrict screen capture features on the devices when using the custom application and the contact information.

This option restricts users from taking screenshots of the contact information when using the custom application. This can prevent users from accidentally or intentionally sharing sensitive data by taking a screenshot of the contact information.

However, this option may not be the most efficient because it does not prevent users from sharing contact information by other means, such as copying and pasting or taking a picture of the screen.

Option C: Restrict contact information storage dataflow so it is only shared with the customer application.

This option restricts the data flow so that the contact information is only shared with the custom application. This can prevent accidental data leakage by limiting the exposure of sensitive data to only the authorized application.

This option may be the most efficient because it limits the risk of data leakage while still allowing the mobile salesforce to use the custom application to manage customer information.

Option D: Require complex passwords for authentication when accessing the contact information.

This option requires users to enter a complex password to access the contact information. This can prevent unauthorized access to the sensitive data and can also discourage users from sharing passwords, as complex passwords can be difficult to remember and share.

However, this option may not be the most efficient because it does not prevent accidental data leakage if the user has already logged in to the device and left it unlocked.

In conclusion, option C (Restrict contact information storage dataflow so it is only shared with the customer application) is the MOST efficient security control to implement to lower the risk of accidental data leakage in this scenario.