Before the worldwide normalisation of smartphones, mobile security was not a major consideration for the vast majority of business leaders. Today, it is a significant cybersecurity issue, and cybersecurity is one of the most important considerations of the digital age. Yet many businesses still fail to protect against the risks of employees using personal smartphones for work or company smartphones for personal use.
A recent study by Trend Micro of 13,000 remote workers around the world found that as many as 39% used personal devices to access company information. Moreover, 36% lacked basic password protection on their personal devices. Threats to mobile devices are on the rise, so organisations need to train their employees in safe practices and invest more in mobile security.
What are the most important mobile security measures?
Device Protection Policies
One of the simplest measures you can take is to establish a corporate device protection policy. This gives your employees a clear standard of what is expected of them for mobile security and details the consequences of breaking these rules. Cover all your bases by addressing the use of both company devices and personal devices. Consider the following tips when creating your company device protection policy:
- Be very clear about whether personal devices will be permitted at work. If they are, create a Bring Your Own Device (BYOD) policy and consider the types of activities and devices that you will permit.
- Create a list of applications and software that are vetted and deemed safe. This can increase device security whilst reducing lost productivity. By keeping insecure apps out of the workplace, you will decrease the chances of mobile malware becoming a problem.
- All employees (and visitors) should be made aware of how you monitor their devices and activities. Monitoring is a good protective measure and will motivate employees to stick to the rules. Be transparent about these policies to avoid distrust, and use them as an opportunity to foster a culture of cybersecurity as a team effort.
Implement Mobile Device Management Software
To strengthen security, make use of mobile device management (MDM) software. This is a powerful tool for separating the business from the personal for employees. Simultaneously, it provides a range of security measures for their devices.
A cloud-based solution is likely to be less expensive and simpler to manage than an on-premises solution. There are certain key features that you will want to be included, such as:
- The ability to view device information.
- Management and updating of apps.
- Configuration of devices.
- Creating restrictions for device usage.
- The power to wipe devices remotely if necessary.
Wherever possible, implement MDM software with the capability to enforce company security measures across devices. Think data encryption, strong passwords and establishing containers that separate company data from personal information.
Use Robust Passwords and Authentication Measures
With so much business-critical data kept on mobile devices, you need to ensure every employee restricts access to those devices. This data cannot be made available to unauthorised users. Passwords – when done correctly – are a simple and very effective way of restricting access to devices. The following 5 tips are a good guide to making this work for you:
- Password protection should always be on. Screenlock passwords, PINs, fingerprint/face unlock – these are measures available on all modern devices and they must be switched on.
- Use best practices for setting up long passwords that are difficult to guess, particularly for devices that use fingerprint or face unlock.
- Use Multi-factor Authentication (MFA). Also known as 2-step verification, this is an important feature for accessing accounts. It adds a depth of security for minimal extra effort. The factors at play usually include entering a password followed by an additional method, such as a one-time passcode sent to your smartphone.
- Avoid predictable passwords. Establish guidelines for creating passwords that encourage your employees to set passwords that will be difficult to guess. Avoid common passwords and follow advice on how to generate non-predictable passwords. Moreover, password sharing should never happen in the workplace without a password storage and sharing tool such as LastPass.
- Never keep default passwords. All of these should be changed as they will be easy for hackers to guess. Ensure devices are checked regularly to detect and change default passwords.
Take Advantage of Antivirus Software
Malicious software (malware) is specifically designed to attack your organisation’s software. Viruses are the most well-known form of malware, infecting legitimate software and causing all manner of problems. The first thing you should do to combat this is to install and activate antivirus software. For smartphones and tablets, this can be a bit different to laptops and computers. In fact, for many smartphones, it may not be necessary. Make sure you are aware of the right approach for your devices and do it.
Other best practices for avoiding malware include:
- Preventing staff from downloading apps from outside manufacturer-approved stores.
- Controlling the use of USB drives and memory cards.
- Keeping the firewall switched on to protect against external networks.
Keep Devices & Software Up to date (patching)
Keeping company devices up to date is essential for many reasons, not least that it helps boost cybersecurity with the latest patches and security upgrades. Updates can fix software bugs, boost security and even improve the performance of your device.
Businesses often fail to keep up with regular software updates, particularly on mobile devices. Procrastination on this front can lead to mobile malware finding its way onto devices. In some cases, this leaves you vulnerable to a cyberattack that could be really damaging.
Be sure to check that automatic updates are enabled on all devices. If you are prompted to apply an update, make sure it is done within a few days. A policy of regularly checking the status of apps can also be important, as all applications get their own updates separate from the broader device updates. It is not difficult to keep on top of this, and the benefits can be many.
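The measures above (screen lock, encryption, a vetted app list, automatic updates and prompt patching) can be checked routinely against a device inventory. The following is an added example, not part of the original article or any MDM product: the record fields, the app identifiers and the three-day reading of "within a few days" are all assumptions, and the inventory is constructed sample data.

```python
from datetime import date

# Assumed policy values (not from the article).
APPROVED_APPS = {"com.example.mail", "com.example.chat", "com.example.vpn"}
UPDATE_GRACE_DAYS = 3  # "within a few days" read as 3 days

# Constructed inventory, shaped like a generic MDM export (hypothetical fields).
DEVICES = [
    {"id": "phone-01", "owner": "byod", "screen_lock": True, "encrypted": True,
     "auto_update": True, "update_offered": None,
     "apps": ["com.example.mail", "com.example.chat"]},
    {"id": "phone-02", "owner": "company", "screen_lock": False, "encrypted": True,
     "auto_update": True, "update_offered": date(2024, 5, 1),
     "apps": ["com.example.mail", "com.sideloaded.game"]},
    {"id": "tablet-03", "owner": "company", "screen_lock": True, "encrypted": False,
     "auto_update": False, "update_offered": date(2024, 5, 9),
     "apps": ["com.example.vpn"]},
]

def audit_device(dev, today):
    """Return the list of policy findings for one device record."""
    findings = []
    if not dev["screen_lock"]:
        findings.append("screen lock disabled")
    if not dev["encrypted"]:
        findings.append("storage not encrypted")
    if not dev["auto_update"]:
        findings.append("automatic updates disabled")
    offered = dev["update_offered"]  # date the pending update was first offered
    if offered is not None and (today - offered).days > UPDATE_GRACE_DAYS:
        findings.append(f"update pending {(today - offered).days} days")
    # Anything installed that is not on the vetted list is reported by name.
    for app in sorted(set(dev["apps"]) - APPROVED_APPS):
        findings.append(f"unapproved app: {app}")
    return findings

def audit_fleet(devices, today):
    """Map device id -> findings, listing non-compliant devices only."""
    report = {}
    for dev in devices:
        findings = audit_device(dev, today)
        if findings:
            report[dev["id"]] = findings
    return report

if __name__ == "__main__":
    for dev_id, findings in audit_fleet(DEVICES, date(2024, 5, 10)).items():
        print(dev_id, "->", "; ".join(findings))
```

The same checks apply to personal and company devices alike, which matches the advice to cover both in the device protection policy.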
When looking through the research on device security in businesses, it’s somewhat alarming to see that company data is often out there on mobile devices, unprotected and susceptible to threats. Data breaches can be extremely damaging to a business, especially where personal customer or employee data is concerned. It can lead to immense fines that could put you out of business for good. Cybersecurity breaches are a real threat, and no business is immune, big or small. The scale of the problem is apparent when you read our Cybersecurity Review 2022.
Device protection should be a key consideration in your business. Even starting small with a device protection policy and some basic cybersecurity measures will help protect yourself and your business data.
Why choose Eventura as your cybersecurity partner?
With over 20 years' experience in cybersecurity and device protection, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness which could leave you vulnerable to cyberattacks.
We were even mentioned in the Government's National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box”, designed to help small businesses prepare for and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs, but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever-increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.