With the use of mobile devices becoming more prevalent in business, it is important you are taking the proper steps to keep sensitive information safe. Many surveys of businesses have found security issues surrounding these devices to be a commonly reported problem.
Articles such as Concerned About Heartbleed? Don’t Forget Android Devices are stark reminders about the vulnerability of phones and tablets. Here are just a few tips to step up security, and keep data secure.
Create a Mobile Policy
Policies abound in most businesses, from hiring and firing to product return policies. You should also have a clear policy in place governing the use of mobile devices. It should cover issues such as guidelines for storing data and what to do in the event a device is lost or stolen. If the device has been issued by the company, you should also include acceptable and unacceptable uses of the device, and permitted and forbidden websites.
Teach Employees Basic Security “Hygiene”
Some of the most effective measures for keeping data safe are the simplest as well, and are often overlooked. Make sure your employees are aware of the importance of creating complex passwords, updating patches and keeping antivirus and other protection software up to date. Don’t assume they are doing this, or understand the full importance of these steps.
Instruct them not to access company information using public Wi-Fi networks, or to enable the “connect automatically” option — if the network is not secure, hackers can easily steal information. There is a good chance these actions are not conscious and are being overlooked, putting your company’s information at risk.
Before you can implement effective safety measures for your sensitive business data, it is important to take inventory of what types of information you are hoping to protect, who has access to that information, and on what specific devices it is being accessed on. This will help you determine the level of security necessary, and the most effective ways of implementing that security. Reduce access to sensitive information to as few people as possible.
Don’t Allow Information to Be Stored, Only Accessed
This is a particularly important point if employees are using their personal devices to access company data, and these devices are going with them if they quit or get fired. It is possible to access data on a device without it being stored locally.
Use Data Encryption
The operating systems of mobile devices have this feature automatically installed, but it is usually disabled by default — make sure it is activated. If the device is stolen, none of the information will be readable.
Central Management of Devices
There are many options for mobile device management (MDM), and can provide a significant layer of protection against breaches. These solutions allow you to monitor devices connected to the network, allow only certain devices to be registered, log activity, limit access to certain types of information or work areas depending on the device, limit connection times to your network, prevent devices that have been lost or stolen from connecting, and remote wiping.