Mobile Devices and Your Security – Beyond Simple BYOD
By Michael O’Shaughnessy
Here is a question I bet you have never asked yourself; is your smartphone secure? I don’t mean a password, although that is important, I mean using an actual anti–virus/malware app. If you have some type of scanning app loaded on your phone congratulations, you are one of the 4% of all smartphone owners that actually take measures to secure their device. 4%. Surprising? You had no idea? The bad guys certainly do and they are paying attention and acting on that knowledge.
Most folks actually think that their phones are secure in and of themselves, that data thieves focus on computers not phones or mobile devices. According to a report by Appthority, data thieves will focus more on mobile devices than traditional computers by 2018! Your phone/tablet can be a gateway to your business and if you are not securing it you are leaving yourself and your business vulnerable.
Using a smartphone or tablet to operate your business or at least access information for your business is extremely common and becoming even more so. In order to save money and “simplify” many small and medium sized businesses rely on employees to BYOD (Bring your own device). Employees (and owners) can access company email, financial information, internal data sources and client lists. Most times there are no controls by the company, after all the phone is owned by the employee.
Business today runs fast and a mobile device such as a smartphone or a tablet can be of enormous benefit. I use both to run my business and find by having all my devices, my computer and my team synced together we are more effective, efficient and profitable. Utilizing the latest in technology can set companies apart from the competition and allow growth that is managed and coordinated. Technology is good for business and is vital to competing in the business world today. There are, however, issues with technology that we should prepare for and mitigate. Here are a few tips for effectively and safely managing your company smart device program:
- If owned by the company, ensure that each device is able to be remotely wiped in the event it is lost or stolen.
- Be certain that all devices are security lock enabled and that the security lock is used.
- Make it a policy to update firmware regularly. If employees are responsible for updating their own device make them available when new firmware is available.
- Maintain a list of devices where company information is stored or can be accessed. Even an employee owned device needs to be registered in order to access the company information.
- Utilize an anti–malware application. There are many to choose from and many good ones that are free.
- Consider utilizing a VPN (virtual Private Network) which helps to secure the transmission and access to the network.
- Only download applications from trusted sources. The vast majority (over 95%) of malware on mobile devices comes from 3rd party online stores.
- Develop and communicate your Information Governance plans, policies and procedures so everyone is aware how important security is to you and your organization. Security should be a part of the culture of every organization.
- Most importantly inform employees of the dangers and keep them up to date on changes in the mobile computing world. Your biggest asset and conversely your biggest threat can be your employees making an uninformed decision that leaves your network vulnerable. Teach them what to look for and how to avoid.
The bottom line is that mobile computing is here to stay and will increase in importance in the business world. Ignoring the potential benefits is as bad as not preparing to minimize the threats. A common saying is the security world is that a breach is not a matter of “if” it is a matter of “when”. Doing all you can to get the most out of the technology while balancing the security is prudent, cost effective and just good business.
Michael O’Shaughnessy, President of GuardianPro is a cyber security expert and published author on the topics of information governance and security. Guardian Pro works in partnership with Merchants Information Solutions to provide SmartIDentity for Business.