Friday, October 18, 2019
These days, BYOD is more the rule than the exception. Employees expect to stay connected to work—and even do work—on their smartphones. But as your business grows and more people and devices are thrown into the mix, you might look around one day and wonder, Just how many devices are they using, what kind are they, and what kinds of security—if any—do those devices have?
If this is your current stance, it’s time to herd the cats. Smartphones are just as likely, if not more so, to be vulnerable to hacking as a traditional computer. If you don’t know the answers to the above questions, it’s time to drag out that word that strikes fear when it comes from the IRS, but should make you feel relieved once you do it:
Everybody loves a quiz, like ones that ask what your dog’s breed says about your personality. This one might not be so fun, but it’ll sure shed some light on just how dire your smartphone security situation might be—and knowing means you can do something about it. We recommend putting together a questionnaire for all employees that gathers info on device manufacturer, OS generation, and specifics on device usage as it relates to work versus personal use. For instance, employees who travel frequently are probably accessing public WiFi more frequently and may be more vulnerable to a dangerous internet connection. You can take action by putting extra security measures in place on mobile devices that are, indeed, quite mobile.
The average consumer hangs on to their smartphone for nearly three years before ripping off the Band-Aid and upgrading to a newer model. That’s all fine and well for devices that are strictly used for storing photos of the kids, watching the latest SNL cold open, and accessing personal email—not so much for devices accessing your business network. When it comes to security, a lot happens in three years, and security researchers are on it. They stay abreast of the latest malware tactics and the newest flavors of device attacks, and they pass that along to smartphone manufacturers, which in turn build in protections that address the latest and greatest attacks. If employees are toting around dusty ol’ iPhones and Androids, make it part of your business’s security policies that they have to upgrade more frequently.
Putting tried-and-true mobile device management software in place can automatically help you sleep better at night about smartphone security. There are many options available that will monitor and manage devices and keep them regularly updated with the latest security protections. Look for software that will offer features such as a virtual desktop environment, remote file protection, a VPN on the device, and remote device wiping. Yes, that last part will make employees break out in a sweat, but it comes in handy if a device that can access your crown jewels is lost or stolen.
Dress it in layers
Passcodes are fine as protection if you are only trying to stop your three-year-old from sending a text to your boss. But devices that are used for work demand a secondary form of authentication. Tokens have been in use for a while, but biometrics are also a solid option to put in place to prove users are who they say they are. Like snowflakes, every fingerprint is different.
When it comes to protecting your network from cyberattacks, your people are your first and best line of defense—and also the ones most likely to trip up and enable an attack or misconfigure something. And with a device that’s constantly in their control, those risks are heightened even more. That’s something our information security chief, Tony Spurlin, echoed in a recent interview. We know you trust your workforce, but don’t leave smartphone security to their best judgment. Make it a policy to regularly train employees on smartphone security best practices and any new angles that hackers are using in successful attacks.
Wash, rinse, repeat
The five tips we’ve outlined here are hardly an exhaustive list but are a good start to getting smartphone security under control in your growing business. As your smartphone security needs progress, you may want to explore more sophisticated options, such as unified endpoint management, which approaches security from a “zero trust” standpoint and can come with features that eliminate multiple sign-ons while putting mobile threat detection in place. Regardless, smartphone security—like all security—is never a one-and-done situation. Like your business, technology, and cybercrime itself, it’s constantly evolving.