Many businesses supply their staff with mobile devices for their work, like laptops, phones and tablets. Once you’ve handed over the devices to the team, you shouldn’t just forget all about them and assume staff will keep everything safe. It’s important to protect your company’s information and data (especially if you store any client data) with proper mobile device security. There are a few ways that you can do this to reduce the risk of breaches, device loss and other security issues.
Security Policy for Mobile Devices
Make sure you have a well-defined security policy in place to protect your devices. Any staff that are issued a company owned device should agree to the policy, including yourself. You can include rules about physical security. For example, make staff agree to never leave any company owned devices unattended or left in the car once they’ve left the office. Include some rules about proper device usage. This could include rules like not allowing staff to download apps that haven’t been approved by the company previously, or not allowing family members to use company owned devices or not using work devices for personal use. These policies protect your devices from malware and from unauthorized persons accessing company data.
Mobile Device Management
Enterprise mobile device management solutions allow you to remotely manage device security for all company owned devices. Whether you use an outside agency for this or manage device security from your in-house IT team, you can use MSM to configure security policies and automatically push these policies to any company owned device, whether they are in the building or not. You can control things like access to applications and block apps that sap productivity, automatically download apps that are required for work, and manage app updates yourself. You can automatically push any security updates to your devices to keep everything safe.
It also allows you to track the physical location of your owned devices, which can help if a device is lost or stolen. You can also track device usage, so you’ll know if any of your staff are using your devices for personal use, or are wasting company time when they should be working.
Track the health of your devices and any warranties that may need updating, enforce data encryption, wipe a device that has been lost or stolen or push out company device policies automatically, without bringing the devices back to the office.
Malware Protection for Mobile Devices
Malware is everywhere. To protect against it, make sure that any company device has strong malware and antivirus protection. Keep this protection up to date. You can use MDM services to update all the devices automatically, wherever they happen to be, meaning that you can’t accidentally forget one. Your malware protection should be maintained in order to protect against a range of attacks.
Offer staff training about how to spot malware online. Make sure that they know not to open suspicious looking emails and not to click on strange links or open unrecognised attachments. Make sure the training includes how to tell if a website is secure, and what to do if they think their device may have been infected. Your IT team should be monitoring device health too, but the main user is likely to spot a problem faster, as they use it everyday.
Authentication Solutions for Mobile Devices
To log into your devices, you want a more secure solution than simple passwords and usernames. Passwords that are used should be secure; don’t allow staff to use anything easy to guess. Ideally, strong passwords should include random strings of letters, numbers and special characters. Require device users to change passwords regularly, so they can’t be hacked.
Use multiple times of authentication. A password is one type, so add a couple more. Passwords are known as a knowledge factor, but you should also use a possession factor and an inherence factor. Knowledge factors are things like PINs, passwords and usernames. Possession factors include things like require you to have the device in your possession. This could be something like confirmation codes or one-off passwords sent via text message. Inherence factors are usually biometric. Requiring staff to use something like their fingerprints to log into a device would satisfy this criteria.
For extra security, you could also add location and time factors. These are not secure on their own, but can add some extra security. Location factors use GPS data to allow or block certain requests. Time factors block access to features between certain hours, such as after work when nobody should be using the system.