Smartphones have been re-purposed as business tools due to the increasing number of functions they are able to perform. Today, an individual’s entire life can be accessed through their phone. But what if the smartphone contains sensitive business data as well?
Common Mistakes Revealed
The rise of smartphones in business environments creates a new and bigger potential for data loss and leakage, either by unauthorized access, unauthorized transmission, or theft. In the business environment, smartphone security requires a two-way approach – protection of phones from being compromised, and protection of the company data and/or network from becoming compromised by the compromised phones.
Every smartphone user should adopt basic security precautions and guard against mobile phishing. When smartphones are used for business purposes, further practices should be established. The following are common mistakes that put business smartphones at risk:
- Not Using a Password to Secure the Smartphone
An ADT and McAfee study reported that one third of smartphone users do not protect their smartphones with a password. Furthermore, nearly half of respondents who do use passwords admitted to sharing their password with at least one other person, risking their personal security and all the data found on their device. The reason for using a password or PIN is unambiguous – if a phone is misplaced, stolen, or simply left unattended, anyone that picks it up will have unrestricted access.
- Using Pre-installed Email Apps for Business Communications
Using pre-installed email apps intended for personal use to conduct business-related email communications can have negative consequences, such as infection due to lack of anti-malware, broken audit trails of email communication between parties, and legal issues due to the absence of disclaimers or other legal statements. Furthermore, such data is stored on public servers, which breaches data protection, and the lack of encryption leads to data loss at the endpoint.
Only business email accounts, commonly referred to as POP accounts, should be used to prevent putting contacts, client emails, and other sensitive data at risk. A worthy method for accessing corporate email through personal phones is to implement a software solution that permits access to corporate mail without ever saving the data on the mobile device and that securely encrypts the transferred data.
- Saving Sensitive Business Data Directly on the Smartphone
Nowadays the majority of businesses are completely dependent on electronically-stored data; when businesses are deprived of access to current digital information, they are no longer able to operate effectively. Therefore, sensitive digital information should be stored remotely on secure online servers, rather than on the mobile phone itself. This means that there is no physical data on the phone that could be accessed, and in the event of the device being lost or stolen, it is easy to change the login details for the server or completely remove the data.
- Not Establishing a Business Smartphone Policy
The IT team should establish and communicate a corporate smartphone use policy. The policy might recommend that users set strong passwords to access their devices, require users to implement technology solutions to access business mail and contacts, and require lost or stolen smartphones that connect to the network to be reported to IT immediately. Organizations with well-defined policies are better able to stay ahead of the curve of evolving mobile device technologies.
- Failing to Educate Users
The need for awareness in security is as great as the need for security precautions themselves. For a smartphone policy to be implemented successfully, all employees must understand the policy. Therefore, companies should be pragmatic, so as to increase the probability that users follow the policies – users should be productive, without compromising security.
Putting Security Measures into Practice
Security breaches are known to inflict serious damage on businesses, and that damage is not limited to monetary costs. If the organization allows users to connect their smartphones to the corporate network, the necessary security measures should be enforced and smartphones should be treated as uncontrolled endpoints.
If you are interested in further information, please check out our new e-book:
The Challenge - Secure Access Using Mobile Devices in Business