An IT Service Company’s Basic Tips for Smartphone Data Security
Smartphones and mobile devices are the loose ends of your IT infrastructure. They weave in and out of secure and non-secure networks with potentially complete access to your vital and confidential company information. Securing your devices is an ongoing battle but there are some fundamental actions and IT solutions you can utilize today to minimize the risks.
The One Constant “in IT” is Change
Organizations have been slow catch up on securing confidential company data while their employees’ devices are outside the bounds of a controlled IT environment. Cyber security threats and data breaches are some of the leading dangers that modern businesses face today, due to the ever-increasing transmission and storage of important digital information.
IT Solutions providers are partnering with companies from all industries to educate, plan, and systematically defend your company’s data from a breach. Here’s a few tips to start…
Be Cautious While Using Public Wi-Fi
According to a recent survey by iPass, it was revealed that a significant number of organizations are now prohibiting their employees from using public Wi-Fi services to gain access to corporate information in an effort to maintain data security. Use extreme caution when connecting to public Wi-Fi, while it can be convenient and free, an open network exposes your device and potentially company data to anyone else on the same network. Never using public Wi-Fi isn’t realistic or practical, so when you do… make sure your device is up-to-date with the latest security software and limit your surfing to non-confidential and casual information you wouldn’t mind in the public eye.
Eaton & Associates Tip: Limit or prohibit employees working with confidential and private company information to only a secure IT environment. In a matter of seconds your device could be compromised and company data loss could be quite damaging. Public Wi-Fi is for Facebook, YouTube and a spot check of your email. If you feel the need to do your taxes, do it when you are on a secure private network.
Be Prepared When a Device is Lost
It’s bound to happen, an employee will lose their smartphone that contains critical company data which would be quite damaging if it fell into the wrong hands, especially if the phone does not utilize encryption or does not require a strong password verification. Hoping that someone will return the phone or ignore the information is not enough. Requiring a strong password and auto-locking setting on your device would be the bare minimum level of basic security to ensure a lost or stolen phone’s data remains secure. Apple and Android phones both have security features to remotely locate your phone and they also include an automated complete data-wipe after too many password attempts.
Eaton & Associates Tip: We highly recommend establishing a company mobile device and smartphone policy and additional software and Mobile Device Management (MDM) which is a more robust approach. MDM is a component of a larger IT security policy to ensure threats are limited inside and out of your IT environment. At minimum, enable your smart phone password and “Find My Phone” features. These basic functions will limit the risks of compromised company data and for added protection look for IT Solution Providers to develop a comprehensive mobile security plan that complements your overall company security initiatives.
Smart Phones and Mobile Devices are NOT Immune to Viruses
Business and consumers alike go to great lengths to secure their desktops, laptops, and networks by installing Anti-Virus Protection software and utilizing firewalls all to prevent a data breach. But there’s a clear difference when it comes to proactive behavior when securing a smartphone or mobile devices. As consumers, we rely heavily on Apple and Android software as the first and often the last line of defense between your critical business data and those trying to steal it. Don’t put all your eggs in one basket, like any proper security policy there’s much more you can and should do to protect your company data.
A simple starting point for businesses is limiting access to company data to only those who need it. For those who need access, put policies in place that mandate their devices are up-to-date and have basic security features enabled. Proactive business leaders have a plan and work closely with their employees to come up with practical IT Solutions and IT support services that will help boost data security.
Eaton & Associates Tip: You’re probably seeing a pattern here… keep your device up-to-date and be cautious while surfing the net or opening emails. A few main reasons why manufactures push updates are to improve the software and more importantly to close the exposed security loopholes. Download updates as soon as they are available, this simple step can help you avoid data comprimise and the unsettling feeling of finding out from the nightly news that you along with millions of others need to take additional steps to protect yourself due to a breach.
Responsibilities of Bring Your Own Device (BYOD)
BYOD programs are increasingly popular with businesses from small and medium to enterprise companies. It allows employees to personalize their smartphones and use what works best for them. But BYOD comes with risks and requires a lot of due diligence. Business should clearly define their BYOD policies and inform all their employees of the different forms of remote access and types of devices that are permitted. Reinforcing written policy along with an IT Infrastructure to manage devices exponentially decreases the chances of a data breach. In addition to a comprehensive BYOD policy, businesses should also implement a secure enterprise mobility solution that will be able to protect corporate content utilizing device-independent Federal Information Processing Standard (FIPS) validated encryption. BYOD programs empower employees to use the smartphone and mobile device technology that they are comfortable with. It saves the company money by splitting the cost of the devices and far more importantly… it helps avoid having employees carry two cell phones (personal & work). But having the BYOD program in place puts far more onus on implementing and maintaining strong company policy to limit risks.
Eaton & Associates Tip: We highly recommend locking down employees’ access to the full company network. Limiting access is crucial if there is a breach so that a breach only exposes a small portion of company information. While any breach is serious no matter how much data is exposed, properly managing employees’ access limits exposure right from the source.
Use Trusted Apps
Apps magically change your smartphones and mobile devices into a modern day Swiss Army Knife. They provide tools, games, and entertainment all in the palm of your hand. As consumers, we’re quick to download apps since they tend to be free. But while Apple and Android do a good job filtering out Apps that may be harmful, there’s still risk. Apps add another variable to the security mix by acting as another gateway to allow access to your data. When’s the last time you read the terms and conditions when downloading an app? Apps aren’t technically free as most work in the background collecting data and analytics for marketing companies to market back to YOU. But that’s not the real risk (although some may disagree). Apps can be compromised themselves on a larger scale spilling data throughout the internet and we typically only learn about these issues in the news only after the fact. Do your research on the apps before you download them, especially when using a device containing critical company data.
Mobile Application and Device Management can help to protect and separate critical business information using full, end-to-end encryption that is independent of the underlying device. This technology and methodology fortifies mobile devices, regardless of their version, operating system, or make, enabling them to receive the same level of security while being monitored and updated automatically.
Eaton & Associates Tip: Apps are absolutely the best part of owning and using a smart phone and mobile device. While there will never be a completely impenetrable secure app, stay with the apps and companies that have proven their dedication to security as a priority in their products by researching them first. More importantly, stop the risk at its source by only accessing and storing company data in a known secure location.
Enforce Your Company Policy
Having a policy, changing employee’s behavior, and communicating best practices are a few steps short of having a comprehensive smartphone and mobile device policy for your business. Most companies have a written policy in their employee handbook and enforcement comes from the management team and sometimes the IT department. To leave nothing to chance and for 24/7 protection, businesses look to firms like Eaton & Associates to provide a formal policy and IT infrastructure to substantially reduce the risk of a data breach from a smartphone or mobile device. This solution ties the loose ends of any risks and creates a centrally managed point of control where in the case a device is lost, stolen, or compromised… your company’s data can be secured at a moment’s notice.
Final Thoughts
Securing your smartphones and mobile devices can get complicated but following these few basic tips will substantially decrease your risks. It’s important to remember that security for your IT infrastructure has to be multifaceted and dynamic with a resilient backup solution (Stay tuned for a separate blog post about backup solutions). Each connection to your network and company data is a point of entry for welcome and unwelcomed access which requires a solid plan and enforcement to protect your data 24/7/365. An active plan, strong policy, and employee education is an investment of time and resources but it’s certainly worth the effort as your company data and reputation are priceless.
Reminder:
- Be Cautious While Using Public Wi-Fi
- Be Prepared When a Device is Lost
- Smart Phones and Mobile Devices are NOT Immune to Viruses
- Responsibilities of Bring Your Own Device (BYOD)
- Use Trusted Apps
- Enforce Your Company Policy
Managed IT Services in San Francisco, Burlingame and the Greater Bay Area
Eaton & Associates offers complete managed IT solutions from our offices in Burlingame and San Francisco that can help secure your critical data and IT infrastructure with the latest best practices and methodologies.
________________________________________________________________________________
Eaton & Associates, based in the Bay Area for more than 28 years, we provide IT Services & Products to a wide range of clients, including Government, Enterprise, Small and Medium Business and Non-Profit Organizations. Services include: Managed IT Services, Professional IT Services, and IT Project Management & IT Consulting. Eaton & Associates is a strategic partner with most technology vendors such as HP Enterprise & Aruba Networks, Palo Alto Networks, Nutanix, Nimble Storage, Cisco, Rubrik, Dropbox for Business, Dell, VMware, Citrix, Microsoft, Apple, and many more top technology vendors.
