Joe Stangarone, writer, MRCs Cup of Joe Blog, August 12, 2014
Summary: As smartphone usage grows in the business, many users still don’t understand proper security practices. If not addressed, this problem could put their (and your company’s) sensitive data at risk. Learn how your users can better protect themselves from mobile security threats.
The rise of smartphone and tablets in the business opens up a new world of opportunity. We’ve seen businesses use them for all sorts of tasks. For instance, we’ve seen businesses use smartphones to:
- improve productivity,
- automate manual processes,
- improve data accessibility,
- and much more
But, besides all these benefits, smartphones create something else: new security risks.
As more employees adopt smartphones, many still aren’t aware of proper security practices. If not addressed, this problem could put your sensitive corporate data at risk.
Today, let’s uncover some mobile security tips that could help you avoid a security breach. Now, this is a broad topic, so I’m breaking it up into two articles. We’ll cover some security tips now, and the rest in an upcoming article. Sounds good? Alright, here are 7 security tips for mobile users:
1. Be wary of public WiFi (and bluetooth)
Public WiFI hotspots are convenient…but insecure. Here’s a good rule of thumb when using public WiFi: Assume someone is watching.
Does that sound a little paranoid? Consider this: A few years back, researchers created a Firefox plugin called “Firesheep.” They built it to highlight the security risks of public WiFi. What does it do? Firesheep lets anyone watch your activity on an unencrypted network (like public WiFi). No hacking skills needed.
That should make you think twice before pulling up sensitive information on a public network.
2. Use a VPN
So, should you avoid all public WiFi? Not necessarily. If you must use public WiFi, protect yourself with a Virtual Private Network (VPN). As explained below, a VPN installed on the device will help protect you from the risks of public hotspots.
3. Secure your device with a password
Here’s a shocking statistic: 3.1 million American consumers were victims of smartphone theft last year. That number will rise this year.
What’s worse: Most consumers still do not lock their phones. They don’t use passwords, pass codes, unlock patterns, etc… What does that mean? If their phones are ever stolen, the thief has instant access to everything on the device.
4. Use Lock/locate/wipe software
The best security advice: Assume your phone will get lost or stolen. How will you get it back? How will you ensure that your (or the company’s) sensitive data isn’t compromised? As explained below, you must be able to remotely locate or wipe your phone if necessary.
“Devices should be configured so that they can be remotely locked, located and wiped in the event of loss or theft,” says Paul Hill, Consultant with SystemExperts. “All staff should be taught to promptly report a loss or theft so that the device can be remotely locked, wiped, or located, in a timely manner.”
5. Don’t store sensitive corporate data on the device
Even if you take the above precautions, a determined thief could still access data on a phone with the right tools. The best defense: Don’t store sensitive corporate data on your device in the first place.
What does this mean for the business? How do you give employees access to the data they need while maintaining security?
6. Be cautious with apps
Going one step further, you should approach every app download with caution–even those from reputable app stores. Why? Once installed on your phone, apps can access most everything on the device. Carefully inspect how much access an app requires before installing it. The app’s access requirements might surprise you.
7. Use anti-malware software
As smartphones become more popular, the amount of smartphone-specific malware grows. We’ve reached a point where our phones need malware protection almost as much as our PCs.
Founded in 1994, SystemExperts is a premier boutique provider of IT compliance and cyber security consulting services. We help clients see the big picture and design solutions to meet their comprehensive security needs. We are dedicated to providing unmatched personal attention, distilling problems to their root causes and recommending what’s appropriate for our clients. We have built our reputation on providing practical, effective IT security solutions for securing enterprise computing infrastructures.