When it comes to mobile device security, it’s easy to play the ostrich and leave this responsibility to the manufacturer or the user. Devices with access to enterprise data, whether employee-owned or enterprise-supplied, can be compromised relatively easily and thus must be secured.
Do your employees use mobile devices to contact your customers or partners?
Do they access or save customer data onto their mobiles?
Do they take their phones, tablets and laptops out of the office?
If the answer to any of the questions above is positive, you need to revisit your mobile data security policy, or create one if you haven’t done so already. Otherwise, your corporate, customer and partner data stand the risk of being compromised at any given time through an unsecured mobile device.
Iron-clad enterprise security policies
Modern IT departments are expected to be true magicians who can do it all – build and maintain infrastructure, connectivity, hardware and software systems, protocols, policies, cybersecurity, while they also stay up-to-date on the latest developments in all these fields. In reality, these teams are often overwhelmed with requests and their knowledge isn’t always fresh.
Staying on top of the latest information technology and cybersecurity trends, standards and requirements takes a large team of narrowly specialized experts in a variety of fields – something even large enterprises don’t always think they need or want to invest in. Due to these considerations, it’s usually easier for companies to outsource these functions to outside teams or firms which specialize in such operations and, as such, are required to stay on top of ever-changing criteria. Whether you outsource mobile device security or handle it in-house, some questions need to be answered:
· Can you lock down or erase a mobile device should it become lost or stolen?
· Who is responsible for potential data breaches in such cases?
· Can employees use work devices for personal purposes?
· Will you control or restrict the applications and services they can download, install and use?
· Who will manage the updates on your teams’ devices?
· Does a legal framework governing all these issues exist or does it need to be created, distributed and signed off on?
Training your teams to secure their data
A great security policy starts with educating your employees. Even if they are technically savvy, they might not know how to avoid common security traps. Annual in-person or video trainings, at minimum, can help drive awareness about mobile security issues, minimize potential threats and aid with policy adoption and crisis aversion.
Tips for keeping mobile data safe
So, what are some of the basics we all need to keep in mind when using our mobiles to access any proprietary, secure or sensitive data?
1. Lock your phone
This should go without saying, but unlocked phones are at major risk of having personal, financial, legal and/or corporate data stolen or misused. Implement an enterprise-wide auto-locking policy on all devices that access data.
2. Stick to official apps
There are loads of unverified, insecure, malware- or phishing-laden mobile apps out there, especially for the Android OS. Before downloading and installing any suspicious games or other apps that aren’t in the official Apple App Store or Google Play store, be sure they were developed by a trustworthy publisher. Do your research and, when in doubt, pick a reliable alternative.
3. Install an antivirus app
Some mobile users mistakenly believe that antivirus programs are just for desktop computers, which couldn’t be further from the truth. To avoid falling victim to the increasing amount of Android malware, consider using a mobile antivirus app, such as Bitdefender, McAfee or Avast Mobile Security. Some of them are completely free.
4. Turn off wireless connections you’re not using
Any wireless network that you’ve connected to in the past but no longer need is a security risk, and your device should be permanently barred from auto-connecting to it (the network should be “forgotten”, as the term is in iOS). If you don’t need it, it shouldn’t have access to your device, period.
5. Beware of phishing
6. Use a VPN to connect
Public Wi-Fi connections are unsafe for mobile devices and easy to hack, so if you’re going to be accessing any data that needs to stay private, it’s best to use a VPN app before doing so. NordVPN and TunnelBear are two of the most popular ones available.
7. Keep your most valuable data safe
If you’d rather take no chances with your personal or corporate assets, it’s best to avoid keeping or accessing unencrypted data on any mobile device, whether it’s through Wi-Fi or 4G. Even with secure connections there is a small chance of having transactions intercepted and data compromised.
What is GDPR and what does it have to do with you?
The General Data Protection Regulation (GDPR) is a Europe-wide directive aimed at providing data protection and privacy for citizens of the European Union. It addresses the usage and export of personal data outside the EU and gives control back to the users. Although its official enforcement date of May 25, 2018 has meant that many businesses have had to promptly revise the way they collect, store, update and destroy users’ personal data, GDPR’s application is ultimately going to make the handling of private data safer. Is your organization GDPR-ready?
Copywriter: Ina Danova