It’s a mobile phone world. For most of us, they’re the last thing we look at before bed and the first thing we check in the morning. Personal mobile devices go with us to work and help make the day more productive. For employers, these devices justifiably cause big cybersecurity concerns.
Yet, the mobile phone is fast tracking its way into almost every business. IT professionals believe that mobile devices will impact their organizations as much or more than the Internet did in the 1990s. Future predictions indicate there’s no stopping acceleration of this trend.
Security worries are top of mind.
- Gartner Inc., an international information technology analyst, predicts that by 2021, 27 percent of corporate data traffic will bypass perimeter security and flow directly from mobile and portable devices to the cloud—leaving a gap in security and compliance that is not met by traditional solutions.
- The Wall Street Journal reports that the presence of mobile malware designed to steal banking credentials is on the rise.
- Healthcare recent studies show three-quarters of all providers use their smartphones as part of their practice. While they take care to comply with HIPAA regulations in their conversations, emails and other interactions, care providers often don’t extend that caution to their mobile devices.
Know mobile phone vulnerabilities.
Use of smart phones, personal cloud services, external hard drives, and USBs means sensitive data can not only make employee search and sharing of information difficult—but allow data to walk right out your door.
Mobile devices also allow business communication through social applications like Twitter direct messaging, Facebook Messenger and LinkedIn inMail. While easier to regulate, they may not comply with your organization’s security infrastructure.
Hackers watch all the trends and take full advantage of finding ways to make money off the unwary. With the use of inexpensive equipment, they can gain access to a mobile phone in less than 30 seconds and see everything on the phone, or install malware they can use to siphon off data and use it anytime they choose.
Mobile security risks most generally come through:
- Hackers gaining physical access to the phone.
- Malware. Tricking phone users into accepting what a hacker is selling. (Most used are spam, weaponized links on social networking sites and rogue applications.)
- Attacks on the device itself designed to get access to the data.
- Bad actors gaining information through Wi-Fi enabled phones.
- Insider threats from smart phone mishandling such as downloading apps with threats attached or poor use of cloud services that can allow business data to leak.
Some security measures can be done in-house.
Implement 4 basic mobile phone controls quickly by:
- Knowing what devices are being used and making sure they are registered and authorized.
- Assigning a PIN or pass phrase that allows access to the device.
- Remotely being able to lock and wipe the device.
- Encouraging employees to quickly report lost or stolen devices so they can be locked and wiped.
Add policies and training to protect you and your employees:
- Require employees to waive all liabilities in case you must lock or wipe their device.
- Have accepted policies that let employees know what is prohibited, such as using devices that have software restrictions removed.
- Provide security awareness training about the risks associated with mobile devices.
For advanced protection consider mobile device management.
Key to mobile device security is having the right technical and risk management controls within your organization. Typical mobile device management includes:
- Maintaining a complete separation of corporate and personal data.
- Enforcing corporate policy by providing control over all aspects of the phone.
- Providing a wide variety of reports that focus on deployment, utilization, software inventory and system versioning.
Mobile device security experts can also help:
- Evaluate network connections and make sure they meet authentication standards and protect against virus, malware and spyware. (Your most secure data should be extremely limited and not accessible by mobile devices.)
- Do regular risk assessments on hardware and software changes.
- Determine and communicate acceptable use of privately owned devices.
- Assist with developing mobile phone and BYOD best practice initiatives that maintain security and improve productivity.
- Keep you updated on the constantly evolving technology and its risk factors. For example, just securing an employee’s mobile device is not enough because they’re constantly upgrading and changing phones. Securing mobile device usage is also needed at the cloud application level.
Finally, don’t think you’re too small to hacked. Clear indications show hacking of smaller companies is a growing trend. Small businesses are low hanging fruit cybercriminals often use to stalk larger companies.
It’s a mobile-first world.
While mobile device threats are increasing, and can result in security breaches, data loss and compliance violations—it doesn’t have to happen in your organization. Mobile device management can give your organization the confidence and support needed to help keep users happy and your business competitive and thriving.