Despite the fact that bring your own device (BYOD) workplaces are on the rise, many businesses lock down their networks and PC’s, but fail to enforce the same level of control on employee-owned mobile devices used for the workplace.’
Addressing mobile security might seem like a difficult task, but it doesn’t have to be. Keep your mobile security ‘in check’ in your business – by following this mobile security checklist.
1. Prevent Unauthorized Access
With mobile devices, it’s possible to prevent unauthorized access by requiring users to authenticate themselves. This could be in the form of a password or pin, fingerprint, location, or even time-of-day when accessing the device. Authentication helps prevent fraud and reduce the risk of unauthorized access to mobile devices.
2. Encrypt Mobile Communications & Data
In a mobile work environment, all communications between mobile apps and app servers should be encrypted. Man-in-the-middle attacks take place over public Wi-Fi and cellular networks, which could jeopardize sensitive business data. To protect your data, strong encryption that leverages 4096-bit SSL keys is necessary for both mobile traffic and the sensitive data stored on user’s phones.
TIP: When necessary, it is possible to protect highly sensitive data from downloading to the mobile device entirely.
3. Monitor Activity of Mobile Users
All mobile activity is traceable. If your business needs to maintain compliance regulations, you may already be aware that regulations mandate user monitoring in order to track any changes or access to sensitive data. A detailed audit trail allows IT to identify accidental data leaks, malware attacks or even insider abuse.
When is monitoring user activity necessary?
Do your employees access or edit confidential information such as credit card data, customer data or healthcare information from their mobile devices? If so, your organization needs to be monitoring user activity.
What can be monitored?
IT staff can monitor anything from app use to their location, failed login attempts and more.
4. Protect Against Data Leaks
Users can install personal apps on their mobile devices without putting data at risk. This is possible by separating business apps from personal apps. In addition, there are multiple ways to prevent data leaks such as:
- Preventing copy and paste functions.
- Blocking screen captures.
- Watermarking sensitive files with timestamps and usernames.
- Preventing download or saving of confidential files to their phone or file sharing websites.
5. Prevent Device Theft
Theft is a huge risk when it comes to mobile security. This is particularly problematic for businesses who are subject to regulatory compliance. Each year, millions of devices are lost or stolen. To prevent sensitive business data from ending up in the wrong hands, a mobile device management (MDM) system can remotely wipe sensitive data and/or ensure this data is never stored on users’ mobile devices in the first place.
Since users often own their phones in a BYOD environment, it is important to keep in mind that remotely wiping the device only locks or removes corporate data, while leaving personal files and apps intact. In the event the device resurfaces, IT staff could quickly restore the users’ data and apps back to normal.
6. Scan for Malware & Vulnerabilities
Malware and Adware can be avoided by testing apps for malicious behavior. IT staff can check mobile devices and ensure the latest patches and updates have been applied to all mobile devices to prevent against these types of vulnerabilities.
7. Educate Employees
When it comes to mobile security, employee education is paramount. Employees should be aware of mobile security threats such as phishing attacks or the risk of downloading apps from unauthorized markets. They should also be aware of the increased risks associated with jailbroken or rooted phones. In a mobile workplace, setting a BYOD policy helps employees be aware of the policies you have in place to protect company data – and the repercussion for violating them.
What’s Your Mobile Security Solution?
When it comes to cybersecurity, the best defense is a good offense. If you have questions about setting up a mobile device management system for your business needs, let us help you.