Mobile devices are now a common, even primary, work tool. There are thousands of productivity applications (‘apps’) that help get work done more efficiently and while on the move.
But as the saying goes – with great power comes great responsibility! A phone can be lost or stolen, an iPad left behind by mistake. And cyber criminals are always looking for ways to compromise devices to steal personal or sensitive information.
In a business context this is about protecting your commercially sensitive documents, communications and customer data.
Here are 10 ways to secure mobile devices that can be implemented as company policy
1. Put in place polices and educate your staff
Have device use policies in place, especially if staff bring their own devices (BYOD). This should cover physical security (eg laptop leaches) and data security.
Educate your employees on what they should be doing to protect the commercial data on their devices and that they understand what is at stake. Audits can be conducted to ensure good habits are maintained.
Your policy should include the tips that follow.
2. Password protection
It may be a little less convenient to have to enter a password to get into your device, but it is a simple way to frustrate potential snoopers. Set devices so they automatically lock after a few minutes and can’t be used without the password. Don’t use auto-complete features that remember user names or passwords. As with any password, it should not be one that is easy to guess.
You can also put a PIN on SIM cards so that thieves can’t use it another phone to make calls.
3. Source applications from trusted sources.
Avoid downloading apps that are brand new to the market, especially for Android devices. Cyber criminals create apps with malicious code that look legitimate but can create havoc. Don’t download something unless it has several hundred (or even thousand) downloads and positive comments.
Windows phones and iPhones users can only install apps from the Marketplace or iTunes store so you know the app has been digitally signed reducing risk. Android however does not follow the same process.
You could develop a list of ‘approved’ or ‘recommended’ apps that are good and trusted solutions the most common employees work task needs.
4. Protect privacy
Be careful about app settings – do they really need to know the users location? Do you really need to store that personal or payment information within the app?
Even if the app needs certain information, how they store it may not be as secure as one would like. And it can often be provided to third parties (usually for marketing purposes) so information is at risk from poor security practises by any of these organisations.
5. Keep apps and device software up to date
In the same way that desktop software and operating systems should be kept up to date to keep ahead of criminals inventing new ways to attack your system, mobile operating systems and apps must be kept up to date. Apply updates regularly and select automatic updates if available.
6. Use remote tools
Enable remote wipe and use tracing and tracking software. Remote wipe solutions means if the device is lost or stolen any sensitive data can be wiped which restores the device back to factory defaults.
Windows Phone 7 includes a “Find My Phone” feature that can find a lost phone, lock it or wipe it remotely so that no one can get access to the data.
7. Use Wi-Fi networks with care
Wi-Fi should be disabled when not in use to avoid exposing devices to unwelcome connections – it also prolongs the battery life!
If are connecting via Wi-Fi, try to use an encrypted network that requires a password. If using unsecure Wi-Fi, avoid conducting transactions that involve personal or financial information such as online banking or purchasing.
8. Safe clicking practices
Emails with malicious links can compromise a mobile device in the same way a desktop one can. If accessing a site where personal or confidential information will be shared, make sure it has an ‘https’ at the beginning. But this is not foolproof, so make sure you are using a secure network.
9. Protect data
Particularly if employees have sensitive commercial data on their mobile device, use an encryption solution. A Mobile Device Management solution which can be deployed on premise or as a cloud based service provides software distribution, security and service management for mobile devices.
And of course, back it up – check the backup features available with each device, if not using a third party solution.
10. Clean it before disposal or reuse
If a device is sold, reused or recycled wipe any data and remove or erase SIM and SD cards.