February 5, 2016
Everyone on your team has a smartphone. We live in the 21st century, after all. BYOD policies and corporate devices are a common, positive practice, right?
Well, not exactly.
According to a survey by Ipsos Mori, personal information on company and personal devices often results in major security breaches. The reason is dead simple: a fusion of personal and business affairs.
- 73 percent of respondents admitted downloading personal apps to corporate tablets.
- 62 percent did the same on corporate smartphones.
- Over 50 percent used personal devices to conduct company business.
Hence the question arises: how much sensitive data leaves your building on employees’ smartphones and other portable devices?
If you work in a particularly security-sensitive industry, there are a few rules you should implement to avoid unsolicited data leaks and secure the mobile devices your employees use.
1. Educate Your Employees About Phishing Scams
Educating your employees is the first step towards maintaining a healthy data security culture. Phishing scams are among the most common cyber crime techniques people fall for, especially the so-called “urgency emails”, e.g. “Get back to me ASAP” with a link to a fake website that lures the recipient into revealing sensitive data. Another example comes from my friend’s company: a message from “Facebook” urging them to click the link and log in to their Fan Page, or it would be banned within the next 24 hours.
Teach your team how to identify those emails and what signs to look for. Urge them to follow up by phone or another secure communication channel if they receive suspicious email requests from their colleagues, partners or even what seems to be their bank.
The same goes for any sort of “free downloads” and app downloads from untrusted online vendors.
2. Enable “Wipe” Function on Corporate Devices
The worst security hazard is when a device is stolen or lost. The actionable protection is to set up the “wipe” function in advance, so that all the data can be erased from the device remotely as soon as it goes missing.
Android devices can also be protected with a Locker app that deletes all the data from the device after a series of failed unlock attempts.
Recovering deleted files from Android requires a rooted device in most cases. For criminals that means less chance of getting at your data. For you it means less chance of restoring it properly if the alarm was false. Either way, do not allow jailbroken or rooted devices at your company, as they always pose a potential security threat.
Ask your employees to back up their smartphone and tablet data regularly and to keep the most important data in secure corporate storage.
3. Make Sure the Devices Are Updated Regularly
Make it clear that updates patch security holes, giving cyber criminals fewer chances to gain insider access. System updates should be installed immediately, not dismissed with “Remind me later”.
The same goes for anti-virus software updates, especially on Android devices, which are more prone to malware that comes with app downloads. Both Norton and Kaspersky offer comprehensive protection plans.
4. Educate About Public Wi-Fi Hazards
Public Wi-Fi is not secure, and even when an alert pops up, a lot of users simply ignore it. You can’t forbid your employees from browsing the web during lunch, but you can protect them while they do it.
The best option is to get a corporate VPN and encourage everyone to use it whenever they are on public or unprotected networks. This way all data transmissions are protected by an additional layer of encryption.