Today’s mobile devices offer lots of tangible functions and opportunities to accomplish more, whether you are an executive on the go, a field service worker, project manager, sales rep, or in any other occupation. Mobile phones give you unlimited access to enterprise files, applications, and your own personal files.
However, the proliferation of mobile devices has also introduced new security risks for organizations of all sizes. Smartphones and tablets are not only increasingly prone to the same threats as personal computers, but they are also easily lost or stolen. In fact, recent research conducted by Webroot in the United States, Australia, and the United Kingdom revealed that 83 percent of respondents believe that mobile devices create an enormous security risk within the corporate environment.
Challenges faced by IT
The research by Webroot revealed that 73 of companies allow their employees to use their personal mobile phone and company smartphone and tablet interchangeably. The unregulated use of mobile devices, with employees increasingly using their personal devices at work and their company-issued devices during personal time has made it difficult for IT to enforce security and usage policies.
This blurry boundary between personal and company also poses challenges for ensuring compliance with industry and government regulations in regulated sectors like government, education, pharmaceutical, healthcare, and financial services, among others.
But regardless of whether it is company information stored on the employee’s device or the worker’s personal data, IT has the responsibility to protect this data against theft. The most common mobile security issues include:
- Loss of company or customer data
- Malicious Malware attacks
- Lost or stolen devices
- Compliance concerns
How can you protect yourself from mobile attacks?
According to Webroot, companies should implement a mobile security solution that comprises three components, namely: device-level security, device control policies, and mobile workforce security training.
1. Enforcing device-level security
Both personal and company-owned devices should have screen locks and secure passwords, and this requirement documented in the organization’s mobile device policies. Additionally, employees should be mandated to keep their personal and company-owned mobile device security software up-to-date. The software should be corporate approved and managed to guard uniformly against malware and other security concerns.
2. Establishing device control policies
The organization should establish a policy that governs how IT staff can maintain control over both personal and company-owned devices while maintaining the network security. Such a policy should include information about how to keep personal information private, like through a mobile phone backup strategy that does not touch personal data (such as containerization), and define corporate ownership over data, information, and applications.
3. Developing and delivering mobile security training
This kind of training will ensure that your mobile workforce remains productive and ready for any security threats to their devices as the first line of defense. The loss of organizational data is a serious concern, so you should consider getting the workforce to sign-off stating that they understand and will adhere to the policies.
Additional measures to common organizational security threats
1. Unsecure file transfer
Mobile devices, including smartphones and tablets don’t have enough storage space. To enjoy the convenience of using a phone to perform business operations, employees typically depend on consumer-driven workarounds and syncing solutions that may not necessarily guarantee secure, encrypted file transfer and storage. To avoid opening up your organization to serious security risks, it is important that you use reputable solutions that provide password-protected file access, file encryption, and more importantly, integrate into the existing organizational security environment.
2. Lost or stolen devices
Lost or stolen mobile devices are not new security risks, though the increasing mobile workforce leave their tools open to loss or theft. It is important to be careful with your expensive mobile devices and exercise caution. For instance, you can install applications that allow you to erase the drive remotely in the event that the device is compromised, lost, or stolen. IT can also configure specific access points based on enterprise policies that turn on or off the user’s ability to open, print, or send files, and much more.
Research shows that consumers, including employees are generally lax about mobile phone security. They don’t exercise caution when accessing open Wi-Fi and public hotspots, or keep their antivirus and other security apps updated to stay protected from the new and evolved malware attacks. So, training employees on mobile device security and creating stringent mobile security policies (like preventing staff from downloading apps from the internet instead of app stores) can make the workforce more active in minimizing mobile security threats.