Mobile Device Security: Protect and Educate

By the DynaSis Team

Despite the fact that mobile threats are increasing exponentially (mobile malware jumped 75% in 2014, alone), an astonishing percentage of mobile phones have no security protections, at all. Per a 2014 survey, only 14% of devices have anti-virus software, and 34% of mobile phone owners don’t even use the screen lock feature. As a result, organizations that allow users to store company data on their mobile devices without added precautions are exposing their company and its assets to extreme risk.

Implementing a mobile device management system is a key step in securing the enterprise against an onslaught of inadequately secure devices, but educating users to reduce the danger is equally important. As with desktop platforms, users are the weakest link in any security chain. Following are some suggestions that will help protect your employees―and your business.

1. Simulate the danger. Create and distribute, from a non-office device, a phishing-type email and see who takes the bait. (Phishing emails are those that look real but the links take users to malicious websites. Phishing messages opened on mobile devices can infect laptops and corporate systems, as well, so companies and employees must take it seriously.) Making bad decisions is often a far more effective learning technique than hearing about them. Bottom of Form
2. Create a Training Program. Some personnel don’t enact security measures (such as passcodes) on their phones because they don’t know how. Either teach them how to properly secure their phones or have your tech team secure them upon request. Additionally, show personnel how to create sufficiently robust passcodes and ask them to adhere to the recommendations.
3. Outlaw “Jailbreaking.” Jailbreaking―the process of thwarting a device’s operating system so the user can install unauthorized apps―is predicted to be the cause of up to 75% of mobile security breaches by 2014 (per research firm Gartner). To secure corporate assets, companies should create policies against jailbreaking with strict penalties for non-compliance, including loss of device use (for corporate-owned phones), network access or other privileges.
4. Implement a “No Consequences” Policy for Device Loss with Immediate Notification. Terrifying employees that they will be fired if they lose their corporate devices, or shaming them in front of their peers, makes them afraid to report device loss immediately. Their logic is that they may find the device and avoid reprisal. Any reporting lag time puts company information at risk, so companies should encourage employees to report device loss immediately―and should implement “find me” services for all phones operating on the corporate network.

For companies without a specially trained “mobile technology management” team, some of these activities―and others such as policy development and device security―can be complicated and confusing. To discuss implementing these and other protections for your firm, we invite you to give us a call.