Do your Employees Access their Emails from their personal Mobile Devices?

5 Security measures all Business owners need to put in place to protect their data on employee owned Mobile Devices
16 May 2021 by ANQAD SYSTEMS LIMITED, Protus Agufa

        Smartphones are integral to our lives, so it is natural that they are common in the workplace. It is normal for employees to check work emails on their phones, download attachments and use file sync and share solutions to access work files remotely. But could this productivity driver pose a security risk to businesses and if it does, what security measures need to be put in place?

        1. Implement a mobile device policy

        This is particularly important if your employees are using their own personal devices to access company e-mail and data. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? If it’s a company-owned device, you need to detail what an employee can and cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent the security mechanisms you put in place.

        2. Enforce the use of STRONG passwords, passcodes and fingerprint or facial recognition technology to lock mobile devices.

        If smartphones can be unlocked by simply swiping or pressing a button, bad actors will easily gain access to your important data. It is, therefore, necessary to ensure that all employees have passcodes, fingerprint authentication or facial recognition technology in place to act as the first line of defence for their smartphones.

        3. Require all mobile devices be encrypted

        Encryption is the most effective way to achieve data security on a mobile device that is lost or stolen. To read an encrypted file, you must have access to a secret key or password that unlocks (decrypts) the data. This will ensure business data is inaccessible if it ends up in the wrong hands.

        4. Implement remote wipe software for lost or stolen devices

        If you find a laptop was taken or a cell phone lost, remote “kill” or wipe software will allow you to disable the device and erase any and all sensitive data remotely.

        5. Backup remote devices

        If you implement step 4, you’ll need to have a backup of everything you’re erasing. To that end, make sure you are backing up all MOBILE devices including laptops so you can quickly restore the data.

        6. Encourage employees to keep their smartphones up to date

        Smartphones will often require employees to update operating systems and apps. These updates are vital as they provide fixes for known security vulnerabilities. You should, therefore, encourage employees to install updates as soon as they are prompted rather than opt for “remind me later.” In fact, this holds true across all devices: out-of-date PCs, laptops, and tablets will also pose a risk to your business security.

        7. Discourage employees from using public WiFi

        Public WiFi networks often say they’re not secure, but many people just ignore this notice or don’t really know what it means. An unsecured network means that someone else on the network can potentially intercept data sent or received by your device.

        Cybercriminals may even set up their own networks in public places, name them something relevant, like “Java”, and then collect user information from all the people connecting to their network (email addresses, passwords, banking details etc.). It’s important that employees are aware of the dangers of connecting to unsecured public WiFi and can protect important business data.

        8. Train your employees to be cyber aware

        Your employees are your number one vulnerability when it comes to cybersecurity. If they’re not trained on how to spot and deal with potential cyber-attacks, they could easily put your business at risk.

        For example, phishing attacks are particularly common: cybercriminals contact your employees via email or SMS, impersonating a legitimate member of staff. They do this by imitating email addresses, changing one or two letters or punctuation marks to make them seem genuine. These messages then ask employees to perform tasks such as transferring money to the attacker’s bank account, clicking a link, or downloading malware. They’ll usually impersonate a senior member of staff and place urgency on the task to try and get employees to act quickly without thinking.

        These types of attack can be incredibly convincing and without proper training employees could easily mistake a malicious email address for a legitimate one, putting your business at risk of financial loss and reputational damage.
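
The lookalike sender addresses described above can also be flagged automatically before an employee ever has to judge them. The following is an added example, not part of the original article: the domain `example-corp.com`, the function names and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (constructed placeholder).
TRUSTED_DOMAINS = {"example-corp.com"}

def edit_distance(a: str, b: str) -> int:
    """Edit distance where swapping two adjacent characters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def strip_punct(domain: str) -> str:
    """Drop dots, hyphens and other punctuation before comparing domains."""
    return "".join(ch for ch in domain if ch.isalnum())

def classify_sender(header_from: str, trusted=TRUSTED_DOMAINS, max_edits: int = 2) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a From: header."""
    _, addr = parseaddr(header_from)
    if "@" not in addr:
        return "invalid"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # One or two changed letters, or only the punctuation differs.
        if edit_distance(domain, good) <= max_edits or strip_punct(domain) == strip_punct(good):
            return "lookalike"
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@example-corp.com>",   # genuine
    "Jane Doe <jane.doe@examp1e-corp.com>",   # letter swapped for a digit
    "Jane Doe <jane.doe@exmaple-corp.com>",   # two letters transposed
    "Jane Doe <jane.doe@examplecorp.com>",    # punctuation removed
    "Offers <news@shop.example.net>",         # unrelated external sender
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

This check covers only the sender's domain; look-alike Unicode characters and a spoofed display name on an unrelated address need separate handling.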

        9. Don’t just train employees, test them

        Testing your employees’ security awareness will give you an accurate representation of how much they know, and where areas of additional training are required. It is important to go a step further and send simulated phishing emails on a regular basis. These emails will imitate real-life phishing attacks and will be sent directly to your employees’ inboxes. This will accurately test their ability to spot and disregard malicious or spam emails. If employees do click on simulated emails, they will then be notified and automatically enrolled onto additional specific security awareness training videos. This will refresh their knowledge and prevent them from making the same mistake again in the future.

        Find out More

        While these 9 are a good start, many organizations that are heavily using mobile devices or are handling highly sensitive data such as financial records or proprietary business or client information need to be far more diligent about monitoring and securing all mobile devices.

        Schedule a discovery call today with one of our security experts to learn how we can help protect your business. We will also share with you a free copy of our special report that details more security measures and strategies that you need to implement and know about that most IT firms don’t know or won’t tell you.



        Protus Agufa

        Founder and chief visionary of ANQAD Systems. Protus is a budding change agent, Technology Strategist, a Husband, a Father of Two Beautiful Daughters and part of the body of Christ - not necessarily in that order. 
