Mobile devices are everywhere in business. Employees bring their tablets, smartphones and laptops to work and connect them to company wi-fi. They access sensitive company data from the unsecured wi-fi network at Starbucks, and use their own unsanctioned productivity apps to do business with the corporate credit card.
While that company mobile is in a coffee shop, a hacker can mirror the device within 30 seconds and copy everything from it, or install malware that allows a thief to browse it, and your company data, at leisure. Or it could simply be stolen, and getting past a four-digit password is trivial for a practiced hacker.
The sheer number of mobile devices being used for work has increased productivity for the enterprise and headaches for IT. With more mobile users bypassing corporate perimeter security to upload everything from customer data and email to viruses straight to the cloud, companies need to take more proactive steps to shore up mobile device security.
Mobile Device Security Steps
- Enact a mobile usage policy. Be clear about what is and what isn’t acceptable use of mobile devices for work. Provide guidelines on how to access email after business hours, what data is allowed on a device, and what services are appropriate to access at work (file sharing services, for example) and what are not (Online betting sites? Dating networks?).
- Keep it simple. When onboarding employees, make sure that, along with the basics, HR also provides instructions on how to connect devices to company systems. Making the process easy, consistent and readily available will help you nurture security advocates who contribute to the protection of the entire enterprise.
- Help employees be secure with mobile. Requiring a password of at least four (six is better) characters is a minimum. Beyond that, prepare for the device going missing: ensure the screen locks if unused for five minutes, and encrypt the device to minimize the risk of data compromise if the device has been stolen. Get the rights to wipe employee-owned devices when necessary, or at least selectively wipe company data.
- Make data backup easy. Employees accustomed to automatic data backups of office PCs may not buy into rules governing the backup of devices that are always with them. Consider how you’ll back up data automatically, what data you want to back up and encrypt, and even whether you want to block a device from sending you data if you think it has been compromised.
- Get a mobile device management (MDM) platform. Choose a solution based on the kind of devices you’re protecting (Laptops? Cell phones? Tablets? Wearables?) as well as what you’re protecting. If you need to secure data from a phone that’s missing, you’ll need a more basic MDM than one built for end-to-end protection. Your needs may be greater, so get advice on systems that will match your needs for multi-factor authentication or conditional access to data.
These are, again, the basics in mobile device security, but know that even when phones and laptops are secure, threats will still get through. NCA can help you block and mitigate mobile threats with a collaborative, security fabric platform that delivers layers of protection by integrating best-in-class security technology and real-time intelligence. Contact us.
Network Computing Architects, Inc. is a premier provider of high quality sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.
NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.