The 7 Deadly I.T. Sins Number 5: Mobile Negligence
Although mobile devices have a lot to offer businesses, they also represent a potentially massive security risk. Because many organizations allow employees to use these devices for personal use there is the potential of loss and theft. Even if you only allow employees to use their devices in the office that doesn’t mean they won’t accidentally “bring work home”.
Hackers are increasingly targeting mobile devices to steal data (emails, contacts, corporate data, financial information) and send premium rate SMS, using up your bandwidth in the process. Android devices are most vulnerable to threat - last year Sophos Labs saw an 1800% increase in Android malware. While there is less iOS malware these devices are still vulnerable to attack, particularly jailbroken devices.
To protect yourself from these external threats implement these 7 security measures ASAP:
- Implement a mobile device policy. This is especially important if employees use their own personal devices to access company email and data. If the employee leaves or is fired can you erase this data from their device? If it’s lost or stolen can you remotely wipe it? By having a strong, well thought out device policy you can reduce the number of potential threats, and ensure everyone in your organization is aware of how they are expected to treat their devices.
- Enforce the use of secure passwords. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. Requiring a password on a cell phone will go a long way in preventing a stolen device from being compromised.
- Require all mobile devices be encrypted. This is the most effective way to ensure data security. To read a file you’d need to access a secret key or password that unlocks (decrypts) the data.
- Implement remote wipe software for lost or stolen devices. If you find out a laptop or cell phone is lost or stolen, “kill” or wipe software will allow you to disable the device and erase any and all sensitive data remotely.
- Backup remote devices. If you implement remote wipe capabilities you should also be backing up your devices to keep everything you’re erasing. Make sure you’re backing up all MOBILE devices, including laptops, so you can quickly restore the data.
- Don’t allow employees to download unauthorized software or files. One of the fastest ways cybercriminals access networks is by getting unsuspecting users to download malicious software by embedding it within downloadable files, games or other “innocent” – looking apps.
- Keep security software up-to-date. Thousands of new threats are created daily so it’s critical you stay updated on ALL your mobile devices. As an employer you can remotely monitor and manage employee’s devices to ensure they’re being updated, backed up and secured.