Danger comes in small packages: Securing employees' mobile devices




Whether your company provides workers with mobile devices or allows them to bring their own, you have to be vigilant. If your employees work outside the office with their tablets or smartphones, they’re walking around town with your data in small, easy-to-lose, easy-to-steal containers. Should any of those devices go missing, there’s a lot more at stake than the cost of the hardware.

Following these basic procedures will help keep your company safe from mobile threats.

Insist on mobile antivirus apps
Almost everyone knows that they need an antivirus program for their Windows PC, but few understand the necessity of running a similar tool on their mobile device. According to Symantec's Internet Security Threat Report for 2014, 57 percent of adults didn't even know that such tools existed. But here's the really scary part: Only 44 percent were equally ignorant in 2012. In other words, the average person knows less about mobile security now than they did two years ago.

Android attracts more malware than iOS by a very large margin. According to Kaspersky Lab's Mobile Cyber Threats report, published this October, "98.05% of all existing mobile malware targets the users of Android devices." The ability to download apps from sources other than the official Play Store, and the irregular way updates get pushed to devices, make Android a tempting target.

But iPhone and iPad users shouldn't be complacent. iOS has its share of vulnerabilities. What's more, malware that latches onto applications doesn't really care about the operating system; if the OS can support the app, the app can support the malware.

Think data, not device
Losing a smartphone is an inconvenience. Letting the data on it fall into the wrong hands is a disaster. According to Adam Ely, Co-Founder of Bluebox Security, "79% of companies reported a mobile data breach, with the cost of data loss ranging from less than $10K to over $500K per incident." That's a lot more than the cost of a phone.

The first line of defense: Secure the mobile device with a sufficiently complex password. You might also consider other techniques for locking a phone. Add more protection by encrypting company data (a locked phone doesn't help much if the Micro SD card inside is open) and by setting up a mobile-to-company-server backup routine.

Use a Virtual Private Network
Criminals don't need to steal a smartphone to read the data flowing from that phone to the Internet.

That's why your company needs to use a VPN to encrypt the data as it journeys between the mobile device and the network. A good VPN provides more than just encrypted data. It can track who's accessing the network, authenticate users, and allow employees to access company applications in the field.

Respect your employees' privacy
If you don't handle your company's BYOD policy properly, your employees may look at you with the same lack of trust that American citizens reserve for the NSA. As Ely explained, "it is important to maintain boundaries between work and personal use on an employee’s personal device. Users are rightfully worried that their privacy will be compromised if they use their personal device for work purposes."

Your BYOD policy must spell out clearly what rights belong to the employee and the company. Prepare a clear statement that defines the circumstances in which the company will open private files. Also, the employee must understand ahead of time that the device may be wiped remotely should it be lost.

Make it easy
If a user must go through eight security steps before they can get to work, they will find a way around those steps. After all, they're being paid to be productive, not to enter multiple passwords and prove that they really are themselves. According to Ely, "No matter how robust a mobile device program is it will not succeed without the support of the end users."

So keep ease of use in mind when designing a secure system. Require fewer passwords, and use automated encryption technologies that don't require many user interactions.

Another way to simplify: Design easy-to-use systems, help employees when the systems aren't as easy as they should be, and offer convenient options like remote access so they can get fast support from your help desk if they need it. "Support must be a priority," warns Ely. And "focus on product design to minimize issues, prioritize quality testing and populate…support portal with how-to’s and FAQs."

Going mobile has considerable risks and considerable benefits. You need to lower the first so you can make the most of the latter.