Mobile devices are now commonplace both at work or home and for businesses; this means increased risk. The increase in malware that specifically attacks smartphones means that an employee who connects an infected device to your network could be making your company vulnerable to attack. So how can business owners reduce the risk from mobile devices? Let’s look at the key ways to ensure that your people aren’t bringing home more than you bargained for.
Produce An Effective BYOD Policy
Most businesses don’t hand out company devices to their staff, which means that in many cases, people are using their own phones and tablets to carry out work tasks and connecting to the business’ WiFi network.
If this sounds like your company, then the first place to start is by having a usable Bring Your Own Device (BYOD) policy. Your policy will cover things like where and when employees are allowed to connect, what they are allowed to do, and what data they can share and download from your network.
There’s a balance to be struck here; whilst the company has to protect itself, it is important to make sure that you don’t send out a policy document that sounds like a robot has written it. Remember that employees are often using their own devices to do work on behalf of the company, so long as security isn’t compromised, a little give and take is suitable.
Limit The Information Shared By Devices
Data security is a hot topic worldwide, and most developed countries have some form of consumer protection, such as GDPR in the EU or Canada’s PIPEDA. This means that companies should already be thinking about how they store, process, and transmit data, and that includes mobile devices.
If you have employees connecting to your systems and then downloading customer information onto insecure devices, you are not only increasing the risk; you could also be breaking the law. Think about ways to limit information sharing between devices so that data can’t be affected by a compromised phone.
Use Technical Controls
It goes without saying that any organization that allows BYOD or provides employees with company-owned devices should have a range of technical protection in place. Firewalls, threat management, spam, and content filtering are all on the required network and data security list. Before you even consider allowing any device to connect, you should have these in place.
Think about directing mobile traffic to specific gateways with customized firewalls and security controls in place — such as protocol and content filtering and data loss prevention tools so that users don’t connect to your main network in a kind of a free-for-all.
Use Alternative Ownership Models
If an employee owns the device, then they can do what they like with it. That means that they are totally within their rights to download as much malware as they choose, and there’s nothing that your company can do about it. However, if the company owns the device, they can mandate who can choose and download apps and software, ensuring that a device is used safely.
Although this means an extra cost for the business in terms of buying and managing a suite of devices, it also means that it reduces risk considerably. Providing a company phone or tablet is also a great selling point when recruiting new people as we all love the occasional freebie.
Encrypting data on your devices sounds like an involved, complicated and expensive thing to do, but nothing could be further from the truth. In reality, most devices nowadays have some form of encryption technology built-in as standard, and all you need to do is to turn it on.
For Windows, Android, and Apple devices, this is as simple as clicking a button. This means that data in the device, whether it be a phone, laptop, or tablet, is encrypted so that it just looks like a random jumble of letters and symbols without the key. Anyone accessing the information will have no chance of using it. In short, encryption is easy to do and costs nothing.
Limit Public WiFi Connections
Companies often spend a lot of time and effort securing their network but forget about one of the biggest sources of data theft – public WiFi. The problem with mobile devices is that they are just that – mobile.
People love the fact that they can sit at the airport waiting to begin their business trip and connect to the company network over the free WiFi that the airlines provide. The problem is, though, that whilst the data is encrypted on your company system and the employee’s phone when it is traveling over the internet, it is unencrypted.
The best way to secure a mobile device in this instance is to provide a VPN connection. VPN or Virtual Private Network is a method of establishing a connection across the internet but encrypting the data before it travels, meaning that snoopers can’t intercept and read your data. It also means that the device is less at risk of picking up any nasty bugs along the way.
The Network connection is totally private and encrypted, meaning that keyloggers and snoopers have no chance of gaining access. Great VPN services are readily available and cheap too, so there really is no excuse.
Plan For Security Incidents
The final piece of advice is to make sure you have a plan for if (when) the inevitable happens. Although we try to make sure that we have all of the technical measures in place to make things safe, it’s never a 100% guarantee, so having a plan in place for when there is a breach is a smart move,
If you are in the EU, then having a data breach notification process is also a legal requirement, so you have little choice. Think about who you would use to restore your systems, where your backups would be held, and how you would ensure that all of your data was correct.
Also, have a method of reporting any data loss to the relevant authorities and the affected customers. You’ll probably never need to use it, but you’ll feel better because it is there like fire insurance.
Data Security Doesn’t Have To Be Hard Work
Mobile devices are an area that, without a doubt, increases the risk of a data breach to the company. Data security shouldn’t be a chore, and with a little forethought and a change to your mindset, it can actually become second nature.
Many of the measures you need to take to secure your mobile devices are cheap or even free and take very little time, so there’s no excuse not to use them. The best thing about securing mobile devices when used on your network is that it makes you feel a lot safer, leaving you to get on with your day.
If you are interested in even more business-related articles and information from us here at Bit Rebels, then we have a lot to choose from.