In today’s digital world, we are incorporating technology into our daily lives at an unprecedented pace. According to the Pew Research Center, 81% of U.S. citizens had smartphones in 2019, before the pandemic. COVID-19 has driven many of us to use our mobile devices for work, which creates additional security vulnerabilities.
Organizations can debate the pros and cons of Bring Your Own Device (BYOD) vs. managed corporate devices, but everyone agrees you need to select a strong mobile security solution. Our goal is not to dissect the myriad solutions you can employ, but rather to provide a mobile security checklist of actions employers and employees can start NOW, to protect personal as well as company data.
Mobile Security Checklist
Hit the ground running with these 10 steps:
- Don’t mix work and personal mobile devices.
  - Whenever possible, deploy mobile devices for your team to use when working from home. This can include laptops, cell phones, tablets, or any other equipment they require to be productive and efficient. Require that work is done from work devices, and personal tasks are done on personal devices whenever possible.
- Train your employees to look for threats, such as phishing attacks.
  - Phishing attacks are harder to detect on many mobile device screens because the information about the sender is often condensed and not easily visible. Train employees to thoroughly vet any senders before clicking links or providing information. This is also true for text messages they may receive. (More information about preventing phishing attacks can be found here.)
- Require strong antivirus and antimalware protection on mobile devices.
  - Use trusted and popular antivirus and antimalware utilities such as ESET, Trend Micro, or Malwarebytes, and ensure that they are deployed and routinely updated on all mobile devices.
- Keep devices patched and up to date.
  - All devices should always be patched and updated to avoid security gaps.
- Keep physical security in mind.
  - Train employees to never leave devices in unsecured areas such as their car, unattended bags, or in unlocked dwellings. Keep mobile devices locked and password protected (or use facial recognition, a fingerprint, or one of the many other security options).
  - Many employees may be working with sensitive information from home where it may be difficult to avoid other household members. Provide privacy screens for these employees to help avoid any over-the-shoulder privacy issues.
- Always use a secure wireless network.
  - When working from a mobile device right now, many employees are likely using their home Wi-Fi. Train your employees on strong password use and ask them to restrict access to their primary home network. One easy solution is to create a separate guest network for friends and family. You can find more information about securing your home wireless network here.
- Have employees use a VPN whenever possible.
  - Employees should be using a VPN for all devices. This will help protect their privacy whether they are using a laptop, phone, or tablet. Ensure that the VPN selected is appropriate for the type of mobile device being used, and that it is deployed on all devices. This is a complex issue, so be sure to research VPN security challenges and best practices.
- Utilize more than just passwords for security.
  - For the best mobile device security, ensure that users are taking advantage of multi-factor authentication. Remember that security is not always convenient, but it’s better to have a moment’s inconvenience when accessing your company’s accounts and records than the potential damage from a malicious actor.
- Use strong encryption on all mobile devices.
  - A solid security framework comes down to who can see and potentially intercept information being passed along in your network. Ensure that emails and other communication methods are going through encryption measures to keep unauthorized viewers from being able to access your information. Infosec Institute has some great information regarding cryptography and strong vs. weak encryption practices.
- Prevention is merely the first step.
  - While prevention tactics (such as sharing this mobile security checklist with employees) are key to avoiding malicious attacks and cybercrime on your mobile devices, organizations should also be diligent in ensuring that employees know what to do when faced with a potential incident. Training employees on the next steps if they think that an account has been compromised is critical. Have a hotline, email, or key point of contact for them to get in touch with should they think something nefarious may have occurred. If you think your company or organization has been a victim of a cybercrime, don’t hesitate to reach out to your IT department for next steps, and consider getting in touch with a cybersecurity company to help navigate your way to a resolution and ultimately safer infrastructure.
Mobile devices enhance efficiency and connectivity, but organizations need to ensure that effective security extends beyond the office to wherever employees may be working. This includes physical security against loss or theft, as well as data and information security. Security is a team effort; management, IT teams, and employees must work together to ensure that company and personal data are protected. Training, implementing the 10 steps in this mobile security checklist, and detection strategies are key components to securing your information and data.