With the increasing power of mobile devices and the number of employees working remotely on the rise, your company must also recognize the importance of protecting sensitive company information on these devices. Your small business wants to enjoy the benefits of remote working, including happier and more efficient workers and lower infrastructure costs, but you also need to take the necessary actions to avoid the potential security hazards of using mobile devices.
In this blog post, we will summarize how your company can continue to enjoy the benefits of remote work while effectively protecting your sensitive information on mobile devices.
Physically Secure Your Mobile Devices
A recent study by the Ponemon Institute reported the sobering statistic that 46% of organizations experienced a data breach because of a lost or stolen mobile device. With the increased usage of mobile devices for work, there must also be a stronger emphasis of the importance of physically securing each device. This means that employees must maintain their devices on their person and always store them in physically secure locations safe from both criminals as well as curious children.
Each mobile device should be locked with a password or a secure PIN that is time sensitive. This feature should automatically protect a device after a short period of inactivity. Most cell phone providers also offer a feature to remotely lock down or even erase information on a device if it is lost or stolen. Many also offer a feature that orders a phone to erase any stored data after a certain number of failed login attempts.
In addition, all employees should note each device’s identifying information such as serial numbers and the date and place of purchase. This information will be useful for tracking down or identifying any device that has been lost or stolen.
Ensure Adequate Protection Against Cyberattack
Although mobile devices are just as vulnerable to cyberattack as traditional networked computers, far too many of them do not have adequate antivirus protection. One recent study found that less than 20% of mobile devices have adequate antivirus software installed, which makes them an inviting target for skilled hackers. Your company should make certain that all devices are properly protected with the most updated antivirus programs.
It is also recommended that users not install third-party applications on their mobile devices, as this can allow malware to be introduced to the device and the company’s network. Only authorized apps should ever be downloaded onto mobile devices.
In addition, most experts recommend that users carefully control their devices’ abilities to accept open Wi-Fi and Bluetooth signals. Cybercriminals in public places often take advantage of these features to eavesdrop on mobile devices and access sensitive data. Some experts recommend completely disabling these features as well as GPS capability to prevent hackers from obtaining useful information for a potential cyberattack.
Prepare and Implement a Strong Mobile Device Use Policy
A mobile device use policy is a set of guidelines that explain how employees are allowed to use mobile devices concerning company data. Within these guidelines, the company should describe the type of mobile devices that are permitted, the required security protocols to use to prevent data breaches and the loss of the devices, necessary password policies and encryption methods, and any additional information specific to the company’s type of business or clients.
Every employee should be trained and tested in the use of this policy before being authorized to conduct company business on mobile devices.
Prepare and Implement a Comprehensive BYOD Policy
An option contained within a company’s mobile device use policy is the possibility of employees using their own personal mobile devices for company business; this arrangement is known as “Bring Your Own Device” or BYOD. Some companies and organizations have determined that their data is too sensitive or complex to allow an employee to use their own devices to perform company work, so they do not permit BYOD.
If your company does decide to allow BYOD, we recommend you take the time, in cooperation with your trusted IT Support partner like Network Depot, to prepare a reasonable BYOD policy that allows your business to take advantage of remote work but also ensures the proper level of protection. All employees should be well trained on how to properly and safely use their own devices for company work and should know the proper procedures to follow if their device is breached, lost, or stolen.
One important aspect of the BYOD policy is to have steps in place to ensure that all company data is wiped or returned to the business when the employee no longer works for the company. The company should also retain the ability to remotely wipe or lock sensitive data on an employee’s mobile device in order to protect against any malicious actions as a result of termination or other events.
Take Advantage of Security Features and Data Encryption
Most mobile devices have advanced security features and encryption capabilities in place that should be properly utilized in personal and professional use. Some of these features we have already mentioned such as auto-wipe, device lockout, passwords, and PINs. Experts also recommend the use of unlock patterns with at least five points for additional security. They caution that users should keep their mobile device screens free of smudges in order to prevent criminals from determining passwords, PINs, and unlock patterns.
Have Robust Backups in Place
As discussed in our previous blogs on cybersecurity, the final protective measure for company data is provided by the use of data backups. With an automated program that comprehensively backs up your sensitive data on a regular basis, your company can rest easy whether using traditional workstations or mobile devices. In the event that there is a data breach or the mobile device is lost or stolen, the data contained on it can immediately be recovered and operations can be quickly restored. It is particularly important to have this backup ability when your company employs the auto-wipe option, as sensitive data can be quickly erased or locked out for a variety of reasons.
In summary, we recommend that your small business follow these suggestions and consult with a trusted IT Support partner like Network Depot to prepare a comprehensive mobile use policy, which incorporates all the requirements of your unique business. If you take the time to prepare your company and employees to safely and effectively use mobile devices, your business should be able to reap the many benefits of remote work with the confidence that your sensitive data is secure.