Article

Mobile office security: beyond the PC

How to protect your business data on all devices

SUBSCRIBE TO OUR NEWSLETTER

Managing_a_mobile_workforce

A new paradigm of mobile working

Statista has forecast that the total number of mobile phone users in the world will exceed five billion in 2019. It means that even more of our working lives will revolve around the little device in our pockets.

But while it’s tempting for organizations to place hard IT restrictions on all external devices, the reality is that productive employees often expect mobile access to emails and organizational data on the go. And while this can be good for productivity, it can leave the company susceptible to hacks, viruses and other attacks.

A major target of cybercriminals is data – credit card credentials, email passwords, contact lists and more. Their job is made all that much easier when staff members mismanage their devices. By this, we mean download suspicious apps, change default settings, and jailbreak or ‘root-kit’ devices without thinking about how it can harm security.

But while it’s clear that smartphone security is important – and becoming even more urgent as we move towards a post-PC future – many organizations still lack a clear strategy for it. So what steps should you take to protect against today’s increasingly menacing mobile security threats?

Mobile_Security_Strategy

How to create a mobile-centric security strategy

While major mobile vendors like Apple and Google try their best to give users a secure mobile environment, threats can still get through if you don’t take some extra steps to lock down security on devices. Here are some essential things to include in any mobile-centric security strategy.

Regularly update operating systems and apps:

New vulnerabilities are always being discovered, and vendors respond by pushing out new patches for their software and apps as quickly as possible. Make sure your users regularly check their device’s system settings for notifications of these updates.

Avoid unsecured Wi-Fi networks:

Public Wi-Fi hotspots are not secure, so your staff should refrain from connecting to them, and use cellular data instead. Also ensure that your smartphones and tablets have automatic Wi-Fi connection turned off. If you’re stranded and need to connect to public Wi-Fi, avoid logging into sensitive accounts. Alternatively, using a VPN client (virtual private network) can help keep your data safe.

Data_Encryption

Only use trusted, approved apps:

Some harmful mobile apps also happen to be extremely popular. Certain instant messenger apps, social media apps, and mobile games can be some of the most hazardous to use in a corporate environment. This is because they may try to gain access to sensitive personal or financial information, or silently make use of features such as the camera or microphone.

This is where mobile device management (MAM) can be very beneficial, as it allows your IT team to only provide staff with access to specific apps they need to work. It also gives them the ability to delete apps and data from the device remotely – which is useful if the device is stolen or lost, or an employee leaves the organization under less-than-favorable circumstances.

Use multiple data encryption protocols:

Combined, multiple data encryption technologies can provide you with much stronger data security than one encryption protocol alone. When comparing apps and solutions, choose those that use a combination of encryption protocols, such as TLS/SSL, IPsec, and AES-256. This will cast a wider net and make it harder for hackers to slip through.

Securely configure cloud services:

Cloud services are often accessed from mobile devices, making cloud security an important part of a mobile security strategy. Bear in mind that third-party cloud providers are only responsible for the backend cloud infrastructure – the actual data security will be your responsibility. Be sure to:

  • Change cloud passwords regularly and consider setting up multi-factor authentication as an extra layer of security.
  • Regularly audit cloud assets for improper configurations, e.g. folders not set up with the right access permissions.
  • Use active security measures such as activity logging, network firewalls and network segmentation.

As more organizations adopt a mobile-first culture, having a mobile-centric security strategy becomes increasingly important. Adopting these best practices will help to protect you against a quickly evolving landscape of online threats and malicious apps, and help to prevent loss of critical data.

Related solutions

Explore further