Mobile devices are seemingly everywhere – in both our business and personal lives – and their prevalence is only growing. As mobile devices increasingly permeate all facets of life, they also present a growing security risk. Recently, nearly half (47%) of respondents to a Tech Pro Research study indicated that almost all employees use a device for work. And almost as many (45%) named mobile devices as the weakest point in their organization’s security practices.
Why are these devices a top risk? For several reasons: portability, a blend of personal and company-issued devices, a fragmented Android operating system, and expected ramp up in targets to Apple’s iOS.
With the convenience and potential to lower some costs, mobile devices aren’t likely to decrease anytime soon. To bolster your organization’s approach to cybersecurity, follow these tips for mobile security.
Encrypt Data
Wireless communication (or, in layman’s terms, texting or emailing over WiFi) can easily be diverted, and then stolen or altered. Encrypting communication, storage and memory protects you from this manipulation.
Manage Third-Party Software
Limit exposure to breaches or compromise by controlling the third-party software a user can download to a company device. A VPN connection can help to protect exposure when employees access data through personal devices and provide a secure connection between a user’s mobile device and your organization’s servers.
Educate Employees
Although mobile devices can pose a security risk, Harvard Business Review points out it’s not the mobile device that actually poses the risk: it’s the operators of the device. Mitigate this risk by educating everyone on the dangers their practices can pose and the potential impact failing to follow policy can have on both individual jobs and the company at large. Foster a culture of awareness, and encourage employees to report anything they observe that appears risky or suspicious.
Update Software Regularly
Updates to operating systems and individual mobile apps ensure devices have the latest security patches, so the device has as much protection as possible. Expect employees to stay current, or require automatic updates where possible.
Use Anti-Malware Software
Malware targets operating systems, and new threats are constantly cropping up. Requiring users to download a company-approved anti-malware software for any device (even if it is a personal one) that accesses company data can protect against threats. Keep in mind that this software, like all others, will need to remain updated to offer the best protection.
Perform Regular Audits and Security Testing
CIO recommends making an audit an annual process at a minimum and using a third-party security testing firm. An added benefit? This type of firm may also be able to help resolve any issues they uncover in the audit.
Require Two-Factor Authentication
Requiring users to provide more than one form of authentication can cut down on the portable risk mobile devices pose in particular. With two-factor authentication, a user needs to confirm their identity a second time, which guards your company against vulnerability through a lost or stolen device. Although newer devices often leverage biometrics (for example, a user’s fingerprint), authentication can be applied to older devices that don’t offer these features.
Require Password-Lock and Auto-Lock
Another basic defense against lost or stolen device: require basic security practices like password-locked devices, and ensure they auto-lock when activity stops.
Consider Third-Party Products
While today the most common devices on mobile networks are mobile phones, laptops, and tablets, devices are increasingly interconnected. Wearables, smart home systems, and other advances may continue to increase the number of devices added to the network. This continued advancement, coupled with the prolific use of employees using personal devices, means companies are often working with a variety of providers, operating systems and networks to establish a sound mobile security plan. In many cases, a quality third-party product from a company that specializes in security can help equip organizations with a practical, manageable approach to mobile cybersecurity.
