Protect your devices with these simple steps
If you haven’t already heard of Edward Snowden, then now might be a good time. Despite being one of the world’s most wanted whistleblowers, he’s currently helping to design a smartphone case that tells its owners when they’ve been a victim of phone hacking.
With smartphones replacing laptops as the business tool of choice, the case could become vital in attempts to stop hackers and malware creators targeting mobile devices, often seen as the weak links in network security.
But it isn’t just remote attackers who pose a threat. Research from Trend Micro suggests that data loss is more likely to occur as a result of misplaced or stolen devices than from malware or phone hacking. Furthermore, and worryingly, Cisco’s 2016 Annual Security Report showed a steady decline in small and medium-sized businesses (SMBs) taking advantage of threat defences.
With all of this in mind, let’s explore five ways to help keep your mobile phones secure from both hi-tech hackers and low-tech thieves.
1. Exclude employee devices with root device access
As the trend of bringing your own device (BYOD) to the workplace continues to grow in popularity, there is a danger of staff connecting devices that they’ve hacked themselves to company networks.
Rooting – known as jailbreaking on iPhone – is a relatively simple hacking technique that gives the user greater control over the system. It’s similar to having admin rights on a Windows PC. Although it enhances the user’s experience, it also makes the device less secure.
For these reasons alone, staff should be made aware that they are not allowed to bring rooted or jailbroken phones onto your business network.
2. Have a BYOD policy in place
The growing number of personal devices being added to company networks can be a security challenge for smaller companies.
In order to address some of the accompanying problems BYOD can pose, it’s important to have a written policy in place. This will help clarify the responsibilities of employer and employee alike. As a document, it should be signed by all parties to confirm that it has been read and understood.
Unfortunately, there is no one-size-fits-all solution here. Different businesses will have different needs and a written BYOD policy can become quite complex. However, there’s no need to start from scratch. Try looking at some of the free templates available online and then edit as appropriate.
3. Implement Mobile Device Management
Whilst it’s essential to have a written BYOD policy in place, this alone will not safeguard against employees who fail to comply. A software component is, therefore, an essential aspect of any BYOD policy.
With a variety of Mobile Device Management (MDM) packages currently available, IT managers can sandbox business-critical aspects of the device, keeping personal and professional data entirely separate. This means that business emails, texts, contacts and applications remain secure from malware that could infect the personal areas of a device. From a central control panel, IT managers are also able to control a range of features, including:
- Remote data wiping
- Finding lost or stolen devices
- Locking and encrypting devices
- Disabling native applications
- Detecting rooted or jailbroken devices, and
- Managing security updates
4. Encrypt and wipe lost or stolen phones
There’s nothing worse than the moment you pat your pocket and realise your mobile phone is missing. It’s bad enough to lose your personal phone, but if it’s a device used for business, then your company’s entire network may be at risk.
Luckily, most smartphones can be remotely encrypted and wiped. So, if you should lose your phone, your data need not be compromised. The set-up process will differ depending on handset and manufacturer, so check with your provider if you need help with activation.
It’s worth noting, however, that although out-of-the-box solutions like this may deter the casual thief, determined attackers will find ways around these safeguards. Hence, such solutions should always be part of a wider business security plan.
5. Audit your existing threat defences
Experts recommend regular security audits, including penetration testing, to help keep your network safe from attackers seeking mobile entry points. For smaller businesses, however, this can be expensive.
So, before thinking about penetration testing, a good idea is to create a checklist of your existing threat defences and carry out regular reviews.
Your checklist should look something like this:
- Screen locks must always be in place
- All security updates must be installed at the first opportunity
- Anti-virus and threat detection software must be up to date
- Passwords must be updated regularly
- Remote wipe must always be enabled
- Device tracking must be enabled
Bear in mind that this is not meant to be treated as a security strategy. It merely suggests some of the basic steps to take in order to secure phones from data loss or hacking.
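As an added example (not part of the original article), here is one way to run the checklist above as a regular review over a device inventory export, together with the rooted-device exclusion from step 1. The CSV column names, the sample rows and the 7-day and 90-day limits are assumptions; a blank or malformed field is counted as a failure rather than skipped.

```python
import csv
from datetime import date

# Constructed sample of an MDM inventory export; the column names are hypothetical.
SAMPLE_INVENTORY = """\
device,rooted,screen_lock,pending_updates,av_definitions,password_changed,remote_wipe,tracking
phone-01,no,yes,0,2024-05-30,2024-04-20,yes,yes
phone-02,yes,yes,0,2024-05-29,2024-05-01,yes,yes
phone-03,no,no,3,2024-03-01,2023-11-15,yes,no
phone-04,no,yes,0,,2024-05-10,,yes
"""
REQUIRED = {  # column -> (value required to pass, failure message)
    "rooted": ("no", "rooted or jailbroken"),
    "screen_lock": ("yes", "screen lock not in place"),
    "pending_updates": ("0", "security updates pending"),
    "remote_wipe": ("yes", "remote wipe not enabled"),
    "tracking": ("yes", "device tracking not enabled"),
}
MAX_AGE = {  # column -> (maximum age in days, failure message); limits are assumptions
    "av_definitions": (7, "anti-virus definitions out of date"),
    "password_changed": (90, "password overdue for change"),
}


def audit_device(row, today):
    """Return the checklist items a device fails; blank or bad fields fail closed."""
    failures = []
    for column, (expected, message) in REQUIRED.items():
        if (row.get(column) or "").strip().lower() != expected:
            failures.append(message)
    for column, (limit, message) in MAX_AGE.items():
        try:
            age = (today - date.fromisoformat((row.get(column) or "").strip())).days
        except ValueError:
            age = None  # missing or malformed date: treat as non-compliant
        if age is None or not 0 <= age <= limit:
            failures.append(message)
    return failures


def audit_inventory(csv_text, today):
    """Map each non-compliant device to the list of checks it fails."""
    rows = csv.DictReader(csv_text.splitlines())
    report = {row["device"]: audit_device(row, today) for row in rows}
    return {device: failed for device, failed in report.items() if failed}


if __name__ == "__main__":
    for device, failed in audit_inventory(SAMPLE_INVENTORY, date(2024, 6, 1)).items():
        print(f"{device}: {'; '.join(failed)}")
```

Devices that pass every check are left out of the report, so an empty result means the whole inventory meets the checklist.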
Continued staff development and training are also important – employee complacency can be costly.
Final thoughts on future threats and phone hacking
As unified communications and flexible working become more common, mobile security should be high on your business agenda this year. And whilst it’s essential to keep up to date with current issues, you should consider future ones too, such as wearable tech.
The key thing to take away here is knowing that protection against phone hacking and data loss is not merely about installing anti-virus software. Because mobile devices are a potential gateway to your network, you should apply at least the same level of rigorous protection to them as you would to a desktop or laptop, then go even further to cater for the increased complexity of mixed use and high mobility.
Keeping your company’s data secure requires a blend of software, written policy and staff training, all working together as part of an overall strategy.