Recent research has shown that SMB's have been slow to adopt mobility solutions for fear of the threats posed by breaches in mobile security. With serious concerns around the security of the Android operating system, and the U.S. smartphone market predicted to grow by almost 30% in the coming years, it is crucial that the reported 86% of U.S. companies who have not yet adopted mobile security as standard do so quickly in order to secure critical enterprise information.
How to improve Mobile Security?
1. Don’t store important data solely on mobile devices
The best way to prevent critical data leaking from insecure mobile devices is to ensure that it is kept on servers and managed in a data center, with access permitted only via the network. This approach prevents local copies being stored on client devices and reduces the risk of secure data finding its way into the public domain via a lost smartphone or tablet.
2. Increase security measures
Most companies are already aware of the need to adopt a password system, forcing employees to choose secure passwords for their computers to prevent them from being easily hacked. It is crucial that this policy also be adopted across all mobile devices used to access company data. Companies should further consider implementing secondary security measures such as fingerprint readers, smart card readers, etc. It is a good practice to ensure that mobile devices such as laptops are not set with long idle times, to reduce the window of opportunity in which a thief could access data.
3. Maintain a registry of risky/recommended apps
Some mobile apps are not appropriate for installation on a device connected to a company network. Likewise, many apps are useful for business purposes and increase productivity. Maintaining a registry of these apps (or even creating a company-specific app store) makes it clear to employees which apps are acceptable and which are not. Take steps to lock devices supporting risky apps out of the network, until the employee in question has removed the unwanted app. Implementing this straightforward policy is an easy and effective way to maintain mobile security without spending a lot on reactive fixes. If your IT department does not have the resources to do this, consider outsourcing with managed security as an option.
4. Encryption sensitive files and information
It is a good idea to consider whole-disk encryption for company laptops and hand held devices. For laptops this is easy to achieve, however encryption can be more difficult in mobile devices, especially in companies that support a BYOD (bring your own device) policy.
5. Restrict use of mobile devices to those who really need them
It may sound obvious, but perhaps the easiest mobility solution for a company is to restrict use of mobile devices to those employees for whom access to company data on the move is crucial. It can be tempting to try to stay up to date by issuing multiple mobile devices, and connectivity on the move undoubtedly increases productivity and enables employees to be more effective, but is it worth the potential consequences?
Before issuing a mobile device or approving a mobile device connection to a company network, assess whether the mobility benefits for this particular employee outweighs the associated risks.
Need help assessing the best mobility practices for your company? Get a free iCorps consultation today!