The Challenge to Keep Employees' Mobile Data Secure
96%. According to a report from market and technology firm Canalys, that's how many mobile devices don't have any security software installed.
One of the big challenges in assessing and containing risk is the sheer variety of threats that mobile devices are open to. Of course, there is the traditional malware threat: according to tech security firm Kaspersky, 2012 saw over 14,900 new pieces of malware targeted at Android devices. This marks a three-fold increase over 2011, although some companies like F-Secure disagree about the doomsday figures. Even with its much tamer figures, F-Secure still found a 64% increase in the total number of malicious Android files. Many of these threats came from websites users visited on their mobile phones, and many more masqueraded as legitimate apps in the App Store.
Still, there are some simple steps and precautions that any company can take to try to minimise the threat of mobile security breaches.
- Make sure that your company has a mobile security and Bring Your Own Device policy (if you allow BYOD). More importantly, make sure that your employees know what those policies are and what they need to do to be compliant. A report from Globo, for instance, revealed that as many as 91% of employees don't know whether their organisations even have a BYOD security policy.
- Run frequent device audits. It's not enough to mandate security policies. Mobile devices are much more difficult to track and monitor than traditional desktops and even laptops, so a schedule of regular and surprise policy audits is a must. IT staff should check to make sure that there are no unapproved apps installed, that all security features are active and actively being used, and that apps and OSes remain up-to-date.
- Require full data encryption at all times. The risk of a smartphone or tablet being stolen is higher than ever, and company data can easily be pulled off the device. Simple password locking or other native features can help slow down casual thieves, but will not protect your data from a dedicated attacker. A third-party data encryption program will keep proprietary and confidential data much safer.
- Have a data wipe policy in place. Many third-party security apps allow you to set up conditions that will cause the phone to completely wipe all data. These conditions can be anything from multiple failed login attempts to a failure to communicate with the corporate network in a given time frame. Similarly, all company devices should have a remote wipe feature that can let you initiate a full device wipe the minute an employee reports the phone lost or stolen.
- Don't allow unauthorised service. Pick a service provider that you trust to perform all service on phones, and set policies preventing employees from getting devices serviced anywhere else. Make sure that these policies explicitly cover "authorised service locations" and carrier/manufacturer-run shops and kiosks.
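The audit checks and wipe conditions from the list above can be run automatically against a device inventory. The following is an added example, not code from the article or from any product it mentions; the policy values, record fields and app identifiers are assumptions, and the device records are constructed.

```python
from datetime import datetime, timedelta

# Hypothetical policy values for illustration; none come from the article.
POLICY = {
    "approved_apps": {"com.example.mail", "com.example.vpn", "com.example.docs"},
    "min_os": {"android": (4, 2), "ios": (6, 1)},
    "max_failed_logins": 10,
    "max_silence": timedelta(days=14),
}

# Constructed inventory records, shaped like a generic device-management export.
DEVICES = [
    {"id": "A", "platform": "android", "os": "4.2.2", "encrypted": True,
     "apps": ["com.example.mail", "com.example.vpn"],
     "failed_logins": 0, "last_checkin": datetime(2013, 5, 30)},
    {"id": "B", "platform": "android", "os": "4.1.2", "encrypted": False,
     "apps": ["com.example.mail", "com.example.game"],
     "failed_logins": 2, "last_checkin": datetime(2013, 5, 28)},
    {"id": "C", "platform": "ios", "os": "6.1", "encrypted": True,
     "apps": ["com.example.docs"],
     "failed_logins": 0, "last_checkin": datetime(2013, 5, 1)},
]

def audit(device, now, policy=POLICY):
    """Return (audit findings, wipe reasons) for one inventory record."""
    findings, wipe = [], []
    unapproved = sorted(set(device["apps"]) - policy["approved_apps"])
    if unapproved:
        findings.append("unapproved apps: " + ", ".join(unapproved))
    if not device["encrypted"]:
        findings.append("storage not encrypted")
    minimum = policy["min_os"].get(device["platform"])
    version = tuple(int(part) for part in device["os"].split("."))
    if minimum is None:
        findings.append("platform not covered by policy")
    elif version < minimum:
        findings.append("OS %s below minimum" % device["os"])
    if device["failed_logins"] >= policy["max_failed_logins"]:
        wipe.append("too many failed logins")
    # A device that has never checked in is treated as silent.
    last = device["last_checkin"]
    if last is None or now - last > policy["max_silence"]:
        wipe.append("no contact with corporate network in time frame")
    return findings, wipe

if __name__ == "__main__":
    now = datetime(2013, 6, 1)  # fixed "today" so the sample output is stable
    for dev in DEVICES:
        print(dev["id"], *audit(dev, now))
```

Audit findings are for IT follow-up, while a non-empty wipe list marks a device that meets one of the wipe conditions and should be handled under the data wipe policy.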
About the Author
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.