Companies often don’t consider mobile device security when they think about protecting their business. In this article we’ll discuss why you should take mobile device security more seriously, and what your business can do to ensure that your users’ devices are secure.
With today’s demands for a connected digital workplace, our smartphones and tablets can now access most, if not all, of the sensitive business information that computers can. They are connected to our company networks and have access to custom apps. They are also a critical component of multi-factor authentication (MFA), which is a key security control in today’s threat environment.
Follow these important steps to ensure your mobile devices are secure:
- Ensure a passcode and other authentication features are enabled
- Configure mobile devices to remote wipe in case they are lost or tampered with
- Treat mobile devices like you would any computer – protect them from malicious attacks by updating them often and training your users
- Document and formalize your mobile device security strategy
- Easily manage and enforce mobile device security with a mobile device management (MDM) system
One of the most common security risks to our mobile devices is not hackers, but ourselves.
These small portable devices have become indispensable. They go everywhere with us and are easily forgotten. We might put one down during our Uber ride, leave it on the bus, forget it at a restaurant, or have it stolen from our purses or backpacks.
Ensure that a passcode is enabled, as well as other authentication features like fingerprint or face recognition.
This should be set to always be required when accessing your device. In many cases enabling a passcode will also ensure that the device is encrypted, but if not, this needs to be enabled as well. Additionally, configure devices to automatically remote wipe after a certain number of failed logon attempts. Also ensure that you can remotely wipe an employee’s phone should it be lost or stolen.
Mobile devices are subject to malicious attacks like any computer.
One of the most common ways to compromise a company is email phishing, and mobile devices have an added risk through smishing.
Smishing is when criminals try to convince you to click on a malicious link in a text or SMS message. Our security team saw many fake text messages related to COVID-19 over the last 6 months. These messages try to use fear or the promise of money to trick us into clicking. The link could install malware on your device, such as a password logger or other trojan, or take you to a fake website asking for your account and password.
Just like any computer, mobile devices need to be kept up to date.
Vulnerabilities are continually discovered and need to be remediated with updated operating systems or apps.
Another important note – make sure to test updates on a small scale or in a development environment before rolling out any organization-wide changes.
Train your users on mobile device security.
Your mobile users need to be trained about the security threats to mobile devices so they can spot fake or malicious messages. Awareness programs should not only cover what threats to look out for, but also how to keep devices physically safe.
Here are some questions to ask when building a mobile device security awareness program:
- What usage is acceptable for a corporate device?
- What mobile apps should be installed?
- What are the risks of connecting to public, unsecured Wi-Fi?
Document and formalize your mobile device security strategy.
To tie everything together, start with a defined policy for mobile usage that outlines your company’s requirements and expectations when it comes to using and managing mobile devices.
Easily manage and enforce mobile device security with a mobile device management (MDM) system.
From a manageability perspective, using a mobile device management (MDM) system, Microsoft Intune for example, is the best way for organizations to manage and enforce requirements.
Having an MDM solution as part of your mobile device security strategy will allow you to:
- Deploy software and updates
- Control user access to your applications and networks
- Ensure the desired settings are enforced on the device
- Manage everything from one centralized spot
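One way to check the settings described above across a fleet, as an added example that is not part of the original article or of any MDM product: it audits an inventory export against a baseline for passcode, encryption, wipe and OS version. The field names, thresholds and device records are assumptions standing in for whatever your MDM exports.

```python
# Added example. Field names, thresholds and device records are assumptions,
# not the schema of Intune or any other MDM product.
BASELINE = {"max_wipe_attempts": 10, "min_os": {"ios": "17.2", "android": "14"}}

def version_tuple(text):
    """Parse '17.10' into (17, 10, 0) so it sorts above '17.2' (string compare would not)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_device(device, baseline=BASELINE):
    """Return baseline violations for one device; missing or unknown values fail closed."""
    findings = []
    if device.get("passcode_required") is not True:
        findings.append("passcode not enforced")
    if device.get("encrypted") is not True:
        findings.append("storage not encrypted")
    attempts = device.get("wipe_after_failed_attempts")
    # None or 0 means the automatic wipe is switched off.
    if type(attempts) is not int or not 0 < attempts <= baseline["max_wipe_attempts"]:
        findings.append("wipe after failed logons not configured")
    if device.get("remote_wipe_enabled") is not True:
        findings.append("remote wipe unavailable")
    minimum = baseline["min_os"].get(device.get("platform"))
    try:
        outdated = minimum is None or version_tuple(device["os_version"]) < version_tuple(minimum)
    except (KeyError, ValueError, AttributeError):
        outdated = True  # version absent or unparseable
    if outdated:
        findings.append("OS version missing, unsupported or out of date")
    return findings

def audit_fleet(devices):
    """Map device id to its findings, listing only non-compliant devices."""
    report = {}
    for d in devices:
        findings = audit_device(d)
        if findings:
            report[d.get("id", "<unknown>")] = findings
    return report

# Constructed sample inventory (not real devices).
SAMPLE = [
    {"id": "PH-001", "platform": "ios", "os_version": "17.10", "passcode_required": True,
     "encrypted": True, "wipe_after_failed_attempts": 10, "remote_wipe_enabled": True},
    {"id": "PH-002", "platform": "android", "os_version": "13", "passcode_required": True,
     "encrypted": False, "wipe_after_failed_attempts": 0, "remote_wipe_enabled": True},
    {"id": "TB-003", "platform": "ios", "passcode_required": None,
     "encrypted": True, "wipe_after_failed_attempts": 5, "remote_wipe_enabled": True},
]

if __name__ == "__main__":
    for device_id, findings in audit_fleet(SAMPLE).items():
        print(device_id, "->", "; ".join(findings))
```

Treating a missing or unknown value as a violation keeps a device that never reported its settings from passing the audit by default.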
By following the mobile security tips above, you can help ensure your users aren’t tapping or swiping on anything that will put your sensitive business data at risk.
Author Spotlight: Scott Anderson, Manager, Compliance
For over 20 years, Scott has led compliance risk assessment practices for Canadian businesses. As a compliance expert, Scott is crucial in discovering future potential risk sources, while keeping the business compliant with constantly evolving regulations and privacy laws.