What Are Mobile Security Best Practices?
The modern office isn’t limited to the walls of your building.
Perhaps in the past, it was possible to limit IT protections to desktop computers located inside a secure building, leaving you sure your data and processes were safe from attack. That is no longer the case. The rise in telework and employees on-the-go means a rise in the top mobile security threats. There is a need for all types of mobile security for your business.
Are you prepared? Do you know the mobile security best practices?
What Are the Top Mobile Security Threats?
Phishing and SMSishing
Think it’s only a desktop computer concern? Phishing (and its text-message sibling SMSishing) can also be used to attack your mobile devices. Emails, whether opened on desktop or on a smart phone, are the perfect delivery system for malware, ransomware, and quick access to your data.
Phishing and SMSishing are tactics employed by scammers to get users to open emails and texts and click on the links they contain. This often works because the fraudulent emails seem to come from reputable sources or even from someone the recipient knows. The best protection against this threat is user education.
Application and Software Vulnerabilities
No apps are 100% secure. Many third-party apps are uninspected or unmonitored, which can leave giant holes in your security coverage. Knowing the risks involved is a good step.
Always check the permissions you are giving the app before you download and use them on your mobile device. Avoid developers that you don’t know, or google the company or app to make sure it is legitimate. However, even well-known brands like DropBox and LinkedIn have had data breaches.
Be a watchful consumer. If something seems sketchy, it probably is.
A jailbroken phone has been modified to remove restrictions put in place by the developer or manufacturer. Devices at the highest risk for viruses and malware are jailbroken or out-of-date smart phones.
This is why it’s so important not to ignore software updates, but install them as soon as they’re available! Operating system developers try to be fastidious about staying ahead of malware, so as soon as a threat is identified, security teams release a patch and send a notification to update your phone.
The best way to protect sensitive data on your mobile device is to not use it on a public network. If you are out and about and need access, find a secure network to sign in to. Don’t have your phone autoconnect to any open network.
You should also turn off features you’re not using. This includes location, Bluetooth, iPhone’s AirDrop, or any other “connected” feature your phone has. This helps keep you from being tracked or allowing anyone to easily hijack parts of your phone.
Another option is the use of a VPN, but take care to research reputable providers. Because VPNs also require software, they can introduce their own vulnerabilities and malware to your mobile device.
What Types of Mobile Security Are Available?
Authentication and Multi-Factor Authentication
Any device being used for business or official purposes should be protected with a lock. Even basic functions should only be accessible with a password, PIN (personal identification number), or biometric feature like facial or fingerprint recognition. These should follow password guidelines and be as complex as the system allows.
Access to business-sensitive applications should be protected with multi-factor authentication, like access to a business email.
Keep the Device Up To Date
Operating system providers regularly release updates to address security vulnerabilities and other threats, so one of the best defenses is simply allowing those updates be installed. If you have concerns about an update, managed IT services providers are great resources, and can even remotely control updates, triggering them only when an update is confirmed to be safe and necessary.
Though these pesky updates may get annoying, especially when they change the user experience in small ways, they’re vital to the security of mobile devices and the data they contain.
Jailbroken iPhones are at the greatest risk for viruses because jailbreaking removes most of Apple’s protective restrictions. Some users find Apple’s limitations bothersome and bypass those safeguards to make their mobile experience more customizable. This customization comes at a price, however, because allowing unvetted apps voids your iPhone’s warranty (meaning you can no longer access Apple Support) and leaves you vulnerable to cybersecurity threats. These phones should absolutely not be used for business purposes.
Utilize Security Applications
Security applications can be installed on all mobile devices used for business purposes.
Anderson Technologies recommends utilizing applications like MaaS360, which keeps devices connected and reporting to our IT managed services. Many of these security applications have similar features, but look for one that enables the mobile worker to use their personal device and limits protections and monitoring to the few business-related applications. This will keep your business data safe while also allowing the freedom of a personal device.
The many benefits of these applications include remote deletion of applications and data, GPS tracking, data encryption, and restoring a lost device to factory settings.
Perform Regular Backups
Updating your device isn’t the only thing that should be done on a regular basis.
Whether you use the backup service that comes with your device, like iCloud, or perform manual backups of your device onto a computer, consistent backups of your device’s data, applications, and settings ensure that a mistake isn’t forever, and that if something breaks, fixing it is as simple as reverting to the previous version of your device.
Educate UsersAs with many other technology-connected threats, the best defense is user education. When encouraging mobile device use for business purposes, provide employees with a guide to the risks they should avoid and the protections they need to implement.