Smartphones are handy, pun intended. They’re convenient, easy to use and connect us to a network of infinite information. We use them all the time and, although this dependence isn’t always viewed positively, we can’t deny that they’ve revolutionised the way in which we communicate, particularly for working professionals. They’ve completely overhauled how we conduct business and carry out work-related tasks.
However, as with all great technological advances, we’re faced with new risks. Every single business stores confidential information in some form and each piece of this data requires varying degrees of security and access. Many professionals will look at, download or employ the use of confidential information via their smartphone so they can do their job from any location. This means that business networks are vulnerable to security breaches from unlimited points of entry. To prevent such breaches, businesses must vigilantly implement smartphone security best practices and ensure that their employees take the necessary precautions.
What You Can Do
Provide employees with company phones or enforce clear BYOD policy
BYOD or Bring Your Own Device stipulates that people can use their own smart devices to access the company cloud or network. This is obviously easier for businesses that can’t pay for each employee to have a company phone. However, BYOD policies open businesses up to a variety of security risks, particularly when they are not clearly communicated to employees. If you wish to implement the utmost of smartphone security measures, then company phones are your best option as you can programme them to suit your needs and ensure employees only use these devices – and only use selected apps on these devices – to conduct business. Those companies unable to shell out thousands for company phones must instead enforce a transparent BYOD policy with clear guidelines for employees.
Ban public Wi-Fi and/or you use SSL or VPN
Many businesses ban employees from using public Wi-Fi when accessing company data because of the numerous smartphone security risks. Any company information, such as a network password or login, stored on the phone is at risk when said phone is connected to public Wi-Fi. What’s more, if a person goes through the process of connecting to the company network using public Wi-Fi, they put the whole network at risk. The best way to prevent these security issues is to enforce a public Wi-Fi ban and/or employ an SSL or VPN network.
SSL and VPN provide extra security for businesses and are commonly used by businesses and other organisations, such as universities, hospitals, etc. They help ensure that your confidential information remains confidential, regardless of whether an employee uses public Wi-Fi or mobile data, by encrypting data in transit so that it can’t be read even if it is intercepted.
Employ EMM and utilise MDM, MAM and MIM systems
EMM, or Enterprise Mobility Management, is the general approach for ensuring the secure and safe use of smartphones and devices by employees. Business should use multiple tools to enforce their EMM strategy. Search Mobile Computing succinctly summarise the most common methods:
EMM typically involves some combination of mobile device management (MDM), mobile application management (MAM) and mobile information management (MIM). MDM focuses on locking down mobile devices, while MAM focuses on controlling which users can access which applications and MIM focuses on allowing only approved applications to access corporate data or transmit it.
Businesses must learn to manage the different solutions so they can provide cohesive smartphone protection against attacks from all possible points of entry.
Develop a mobility policy and strategy and educate this policy to your employees
Make sure you have an official and clearly written mobility policy and smartphone security strategy in place. It’s no good adopting the above methods if you don’t stick to them or don’t inform your employees. Keeping communication open between you and your employees will help you keep your data more secure, give them a guide to which they can refer and encourage them to express any concerns and ask questions. Security is pointless if not everyone is on the same page.
What Your Employees Can Do
Password protect their phones
A pretty obvious precaution, password protecting smartphones that contain company data is absolutely essential. If your employees choose to access confidential data through their smart device, then make sure they know that they must use password protection. It’s a minor inconvenience that fortifies your data. Of course, any techy enthusiast could bypass the password or pin function, but this simple action will help protect company data if a phone is stolen, misplaced or handled by someone other than the user.
Install security software
A lot of people don’t think about installing security software on their phones even though it’s a known fact that phones are becoming more and more like computers – on which most people will secure some sort of antivirus/security software. Security software helps protect the data held on phones against malware or viruses to which smartphone users are particularly vulnerable; it’s harder to tell if you’re on a phishing website on a device screen that’s smaller than a desktop. Businesses need to be more aware of smartphone internet risks. Tech Republic recommends that businesses install a ‘corporate firewall that does deep packet inspection of smartphone traffic’. These necessary precautions should be part of your EMM strategy and made clear to every employee using the company network.
Turn off apps and functions that aren’t in use
Employees can reduce the likelihood of a company data breach through actions as simple as turning off their Wi-Fi or Bluetooth when it’s not in use. A lot of the time, smartphones – and iPhones in particular – try to connect to the nearest Wi-Fi available. This is highly insecure and increases the likelihood of data breaches, especially if a user is logged into their company network on their phone.
The numerous apps held on smartphones can also put company data at risk. As IT Proportal neatly explain: ‘unencrypted copies of potentially critical documents can be strewn all over mobile filesystems’. Employers need to ensure that staff have access to encryption software and advise them to close negligible apps when accessing the business network.
Smartphone Security: A Necessity for the Future
Smartphones have opened up a world of opportunities for working professionals. We can do work anywhere and communicate instantaneously. We cannot, therefore, afford to ignore the role of the smartphone in business but must incorporate it into our business strategies by taking the necessary smartphone security precautions.