If your company uses mobile devices to conduct company business, such as accessing company email or sensitive data, pay close attention to mobile security and the potential threats that can expose and compromise your business networks. This section describes the mobile threat environment and the practices that businesses can use to help secure devices such as smartphones, tablets and Wi-Fi enabled laptops.
Many organizations are finding that employees are most productive when using mobile devices, and the benefits are too great to ignore. But while mobility can increase workplace productivity, allowing employees to bring their own mobile devices into the enterprise can create significant security and management challenges.
Data loss and data breaches caused by lost or stolen phones create big challenges, as mobile devices are now used to store confidential business information and access the corporate network. According to a recent survey by Internet security firm Webroot, 73 per cent of respondents were “extremely concerned” or “very concerned” about loss of company or customer data on company-owned mobile devices. Sixty-nine per cent were “extremely concerned” or “very concerned” about malware infections and 61 per cent about lost or stolen devices. It is important to remember that while the individual employee may be liable for a device, the company is still liable for the data.
Top threats targeting mobile devices
Action Items
A few simple steps can help ensure company information is protected. These include requiring all mobile devices that connect to the business network be equipped with security software and password protection, and providing general security training to make employees aware of the importance of security practices for mobile devices. More specific practices are detailed below.
1. Use security software on all smartphones.
Security software specifically designed for smartphones can stop hackers and prevent cyber criminals from stealing your information or spying on you when you use public networks. It can detect and remove viruses and other mobile threats before they cause you problems. It can also eliminate annoying text and multimedia spam messages.
2. Make sure all software is up to date.
Mobile devices must be treated like personal computers in that all software on the devices should be kept up to date, especially the security software. This will protect devices from new variants of malware and viruses that threaten your company’s critical information.
3. Encrypt the data on mobile devices.
Business and personal information stored on mobile devices is often sensitive. Encrypting this data is another must. If a device is lost and the SIM card stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
4. Have users password-protect access to mobile devices.
In addition to encryption and security updates, it is important to use strong passwords to protect data stored on mobile devices. This will go a long way toward keeping a thief from accessing sensitive data if the device is lost or hacked.
5. Urge users to be aware of their surroundings.
Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulders.
6. Employ these strategies for email, texting and social networking.
8. Ensure all devices are wiped clean prior to disposal.
Most mobile devices have a reset function that allows all data to be wiped. SIM cards should also be removed and destroyed.
Looking for a way to protect your business, information and customers against growing cyber threats? Get your free copy of our Cyber Liability Toolkit!