Remember the days when you were handed a BlackBerry on your first day of work? In today's connected world, there's little need for most organizations to spend the money on handing out phones to everyone in the office, as most people these days already have smartphones capable of doing everything needed. This new policy is known as BYOD (Bring Your Own Device).
Mobile security is increasingly important for organizations to address, as the BYOD trend blurs the line between personal and company data. A staggering 84% of mobile users use the same smartphone for business and personal use. This means anyone accessing the internet from their mobile phone or connecting with home and work networks is putting both their personal and their organization's information at risk.
Today I’m looking at three common mobile security breaches and offering six actionable ways to improve your organization’s mobile security.
Three Common Mobile Security Breaches
1) Device Loss and Theft
The most common mobile security “breach” is caused by lost and stolen devices. Leaving your phone in the back of a taxi after a night out is suddenly much more serious if it’s your work and personal phone. A lost or stolen device could put your company data at risk if you don't have good mobile security practices in place.
2) Malware
Malware (malicious software, often installed unintentionally) is one of the most common security threats faced by organizations. Malware could take over a phone’s connection, send spam emails, infect other devices, or harvest passwords. Approximately 42% of smartphone users store password and login information within apps on their phones, so a mobile breach would pose a real threat to your organization’s information security should attackers be able to harvest this information.
3) Unsecured Networks
Another danger is the rogue WiFi network. This network will look like a normal network (for example with the same name as the one in your local coffee shop), but in reality has been created by a hacker. Once you use the network, the hacker monitors all your activity and attempts to capture sensitive data like passwords and bank account details.
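A device or a network administrator can check for the look-alike network described above by comparing what a WiFi scan sees against a baseline of known access points. The following is an added example, not part of the original article; the allowlist, network names, scan records and function names are all constructed for illustration.

```python
# Added example: flags access points that reuse a trusted network name.
# The allowlist, field names and scan records are constructed, not real.
from dataclasses import dataclass

# Rank of link-layer protection; higher is stronger.
SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}


@dataclass(frozen=True)
class AccessPoint:
    ssid: str       # network name shown to the user
    bssid: str      # radio MAC address of the access point
    security: str   # expected to be one of SECURITY_RANK's keys


# Hypothetical baseline: SSID -> (known BSSIDs, minimum expected security).
TRUSTED = {
    "CornerCafe": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "wpa2"),
}


def find_suspect_aps(scan, trusted=TRUSTED):
    """Return (ap, reasons) for each AP that reuses a trusted SSID suspiciously."""
    suspects = []
    for ap in scan:
        entry = trusted.get(ap.ssid)
        if entry is None:
            continue  # no baseline for this network name
        known_bssids, min_security = entry
        reasons = []
        if ap.bssid.lower() not in known_bssids:
            reasons.append("unknown BSSID")
        # Unrecognized security labels are treated as the weakest rank.
        if SECURITY_RANK.get(ap.security.lower(), 0) < SECURITY_RANK[min_security]:
            reasons.append("weaker security than expected")
        if reasons:
            suspects.append((ap, reasons))
    return suspects


# Constructed scan: two legitimate radios, one look-alike, one unrelated network.
SAMPLE_SCAN = [
    AccessPoint("CornerCafe", "aa:bb:cc:00:00:01", "wpa2"),
    AccessPoint("CornerCafe", "AA:BB:CC:00:00:02", "wpa2"),
    AccessPoint("CornerCafe", "de:ad:be:ef:00:99", "open"),
    AccessPoint("Library-Guest", "11:22:33:44:55:66", "open"),
]

if __name__ == "__main__":
    for ap, reasons in find_suspect_aps(SAMPLE_SCAN):
        print(f"{ap.ssid} {ap.bssid} ({ap.security}): {', '.join(reasons)}")
```

A matching BSSID does not prove a network is legitimate, because the address can be copied, so this check complements the VPN and auto-connect advice rather than replacing it.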
Six Ways to Improve Mobile Security
As you can see, it's not extremely difficult for someone to hack into a mobile device. In many instances, we're inviting them to steal data if we don't properly secure the device to begin with. As more businesses are adopting this BYOD method, it's important to make sure employees proceed with caution and understand the risks of using their mobile devices for work. Luckily, there are a few simple things you can encourage employees to do if they choose to use their mobile devices for both business and personal use.
1) Use A Lock Screen
It's reported that 62% of smartphone users don’t use a password to secure their device. Passwords are the first line of defense against unauthorized access to your phone’s data, so it’s imperative that you follow password best practices to keep your organization's data secure. Using a lock screen and setting your device's security can go a long way in stopping a potential thief from stealing your data. There are a variety of ways to secure your mobile device, including patterns, PINs, and standard passwords using letters, numbers, and symbols. Advanced phones now come with fingerprint scanners, facial recognition, and even voice recognition. When setting up your lock screen, follow standard password best practices and don't make it easy for hackers to guess your password.
2) Install Anti-Malware Software
Mobile operating systems are becoming increasingly popular targets for malware, so if you’re using your phone to access the internet, you should install anti-malware software on your device – and keep it updated. This will help to keep your personal and company data safe from malware attacks.
3) Choose Mobile Applications Carefully
When you’re downloading software for your desktop computer, no doubt you’re careful to only download from reputable and secure sources, so why would you take risks when downloading apps for your smartphone? Not all applications are created to the same standards of security. Installing rogue or insecure software even on just a single device can compromise your entire organization’s information security. For this reason, think twice before you install something on your phone. You're not only putting your personal data at risk, but your organization as well.
4) Avoid Unsecured WiFi
It’s important employees know to treat WiFi access with caution so they’re not putting your company’s data at risk. This is particularly relevant to employees who work remotely, who may choose to work from a local coffee shop, or who log on to public WiFi when traveling. Equally, if you’re using the same smartphone for work and personal communication, connecting to the WiFi while you’re out shopping or in a restaurant on the weekend is still a potential security risk to your organization. Employees should ensure their phones don’t automatically connect to WiFi networks, and if possible opt for unlimited data contracts so they don’t need to rely on WiFi.
5) Encrypt Sensitive Mobile Communication
Most experts recommend all mobile communications be encrypted because wireless communications are so easy to intercept. Employees accessing company data from outside of the office should use a virtual private network (VPN) to protect and secure their communications.
6) Create a BYOD Policy
BYOD can offer a number of benefits to organizations, such as lower hardware costs and giving employees greater flexibility in terms of their working hours. However, this is at the expense of your organization’s security. To address the security problems associated with BYOD working, it’s essential that your organization has in place a BYOD policy, outlining the procedures employees need to follow to secure their devices. In the event an employee does lose a phone, there should be an emergency policy in place that will allow you to remotely wipe the phone data if needed.
Mobile device security is only one way to help further protect your organization from online threats. You may want to begin thinking about implementing an organization-wide security awareness plan to educate your employees and download the Essential Guide to Online Security to learn about securing your social media networks, laptop computers, emails, and more.