Is it possible to use mobile devices at work and still stay secure?
Mobile devices have made it easier and easier to get work done while on the go. Laptops, tablets, and smartphones are a simple way to share and review documents, stay in touch with employees, and more while on the road.
However, that doesn’t mean they are free of risk.
It’s no surprise that mobile devices are continuing to become a central and necessary part of the business world. What might be surprising is how unprepared some businesses are for that reality.
No matter what kind of cybersecurity you have in place at the office, it won’t extend to the mobile devices that have access to your data.
This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it – if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure.
What are the top 4 security threats associated with mobile devices?
Consider these 4 mobile-centric factors that contribute to poor cybersecurity:
- Poor Wireless Security: It can be tempting to use a free Wi-Fi hub while in transit, but you should be aware of the inherent dangers. Cybercriminals set up their own Wi-Fi hotspots near popular business venues in the hopes of gaining illegal access to wireless devices. A network that lacks the proper security could make you vulnerable to a cybercriminal, so be sure to only use Wi-Fi networks that you know you can trust.
- Public Technology: Publicly available computers are convenient, but you can never know how safe it will be to use them. Travelers are encouraged to avoid giving any credentials or vital info on public computers, and should be sure that any passwords they enter aren’t saved for later.
- Device Theft: As with any valuable item, there’s always the chance of having your technology stolen. But the damage is compounded when an employee’s stolen laptop contains sensitive business data.
- Poor Practices: If your employees don’t know how to use a mobile device securely, then you’re open to a number of other risks. Apps that hide malicious functions within them are more common than you might think. Not too long ago, a type of auto-clicking adware was discovered in the Google Play store. This malware generates ad revenue for companies by using infected devices to click specific advertisements repeatedly, and this particular strain managed to find its way onto as many as 18.5 million devices.
Furthermore, above-board apps that ask permission to access information stored on the device such as contacts can inadvertently lead to that information being used for unintended purposes. The app itself isn’t causing any harm, but it’s access to your device potentially could.
What apps can you use to keep devices secure?
Virtual Private Network
One of the most proven techniques to make sure your data is safe is to use a virtual private network (VPN), which will give you back control over how you’re identified online.
A VPN creates a secure tunnel for your data to transit the Internet, using a network of private servers.
When you use a VPN, your data is encrypted, or hidden, as it moves from your device to the VPN and then continues onto the Internet through what’s called an exit node. A VPN creates the appearance that your data is coming from the VPN server, not from your device.
That makes it harder for an attacker to identify you as the source of the data – no matter whether you’re on your mobile device’s data connection, or using an unsecured retail Wi-Fi network while you’re in line for coffee. Even if attackers can intercept your data, the encryption means the attackers can’t understand your data or use it to their advantage.
When you put your data out to the VPN server, it exits back out to the public internet. If the site you’re visiting has HTTPS to keep the connection safe, you are still secure.
Find My Phone
Whether you left your phone on the train, or suspect it was stolen intentionally, Find My Phone is the app you need.
These types of apps allow you to remotely turn on your phone’s GPS to determine where it is. Furthermore, some of the more security-focused versions of these apps allow you to execute additional actions in order to eliminate security risks”.
The right monitoring software for mobile devices will protect you from a number of dangerous scenarios, including:
- Jailbreaking and rooting company devices
- Unauthorized access to company data
- Lost or stolen devices that need to be remotely wiped
These programs store all of your passwords in one place, which is sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.
The downside of using a password keeper program is if an attacker cracks your vault password, then he or she knows all of your passwords for all of your accounts.
Multi-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using MFA in 2018, compared to 25% the year prior.
By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to make sure that the person using your employee’s login credentials is actually who they say they are.
Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
What are the top 4 smartphone security best practices?
Maintaining mobile security isn’t just about having the right apps – it means following the right protocols, to eliminate unknown variables and maintain security redundancies:
- Review installed apps and remove any unused ones on a regular basis.
- Review app permissions when installing, and when updates are made.
- Enable Auto Update, so that identified security risks are eliminated as quickly as possible.
- Keep data backed up to the cloud or a secondary device (or both).
But all of these steps are secondary to…
The #1 cybersecurity best practice: Privileged Access
The fact is that, no matter what security apps or best practices you follow, you’ll still be at risk if you’re giving your information away elsewhere.
With the amount of personal data that people put online today, it’s not as difficult for cybercriminals to impersonate you as you might think.
By mining your social media, your LinkedIn and your company website, it can be pretty easy for a hacker to figure out your email address and reset your password.
Or maybe instead they spoof your email address and use it to contact a subordinate or a business contact to gain further information and access to use against you.
You need to protect yourself as a matter of privacy, and with the right processes:
- Never give out private information: A basic cybersecurity rule is knowing not to share sensitive info online. The trusted institutions with which you do business will not ask you for your private information. They already have your account numbers, social security number, and your passwords. They won’t have any good reason to ask for it again, right? If an email from a superior or external contact asks for that info, it is likely a scam, so be sure to confirm the request by phone or in person.
- Set standard protocols for requests: Have steps put in place for management to follow when asking for information or access from employees. If your employees have a clear idea of how these interactions should look, they’re less likely to be fooled by a hacker posing as their supervisor.
- Unique & strong passwords: It’s common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters. Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack. For a more secure passphrase, you’re encouraged to combine multiple unrelated words to create the phrase, for example, “m4ryh4d4l1ttl3l4mb.” Equally important – don’t use the same password for different accounts. Use a password manager (mentioned above), and make sure all your passwords are unique.
The #1 way to enhance mobile device security?
Train your staff!
Everyone on your staff should be educated on how best to use mobile devices to avoid costly security errors. Your safeguards can’t protect you or your clients if your staff doesn’t understand your policies and procedures, and lacks a basic grasp of security best practices.
Your entire team should be taught how to secure their devices, how to protect business data, what the risks are, and how to avoid common security mistakes.
Do you have a Mobile Device Management policy?
This type of comprehensive policy dictates how your employees can use their personal devices for work purposes, dictating which security apps should be installed, and what best practices need to be followed.
An effective MDM policy should also instill safe and secure practices for employees that use personal devices for business purposes. Key considerations include:
- Decide when and how mobile devices will be used. Integrated into your internal network, these devices can be used to access, store, transmit, and receive business data. You’ll need to have policies in place to regulate how employees use their devices to interact with sensitive data. Take the time to consider the risks associated with mobile device use, such as the potential for devices containing business data to be lost or stolen, infected with malware, or the potential for accidental disclosure of confidential information through sharing a device with a family member or connecting to an unsecured wireless network.
- Consider how mobile device use can pose risks to your data. A risk analysis will help you identify vulnerabilities in your security infrastructure, and help you determine the safeguards, policies, and procedures you’ll need to have in place. Whether the devices in question are personal devices, or provided by your Fort Lauderdale IT company, you will still need to have a clear idea of how they’re being used to communicate with your internal network and systems. Assessments should be conducted periodically, especially after a new device is granted access, a device is lost or stolen, or a security breach is suspected.
- Develop, document, and implement mobile device usage policies and procedures. Policies that are designed for mobile devices will help you manage risks and vulnerabilities specific to these devices. These policies should include processes for identifying all devices being used to access business data, routinely checking that all devices have the correct security and configuration settings in place, whether or not staff can use mobile devices to access internal systems, whether staff can take work devices home with them, and how you will go about deactivating or revoking the access of staff members who are no longer employed.
LAN Infotech is a Microsoft Cloud Services Provider, IT Managed Support company and a leader in helping law firms, nonprofits and medical organizations deploy cloud solutions, manage computer networks, keep data protected and top technology management company. Businesses like yours need technology support to run highly-effective organizations.