Survey Says: Employees Don’t Understand Security Challenges of Mobile Devices
Your employees increasingly use their own mobile devices for business– a trend known as the consumerization of IT. Symantec recently conducted a short survey to learn more about end users’ experiences and perspectives on this trend. What we found is the consumerization of IT has already become a reality for many organizations.
The vast majority of respondents said their company allows employees to use the smartphones of their choice for work-related activities. And nearly identical percentages of respondents said their employer provided them with their smartphone (44 percent) as those who said they purchased their own (43 percent).
The survey also found that while end users realize the productivity and satisfaction benefits of allowing employees to use the smartphones of their choice for work, they don’t fully comprehend the extent of the security challenges this creates. In fact, 78 percent think that allowing employees to use the smartphones of their choice either has no impact on or only somewhat decreases the overall security of their company’s networks and information.
So what can small businesses really learn from this survey? Small businesses need to educate employees on the potential security risks these devices create and how to best keep them and the data on and accessible through them protected. Below are tips for small businesses to share with employees to help keep your information safe:
- Encrypt the data on mobile devices – The business-related and even personal information stored on mobile devices is often sensitive. Encrypting this data is a must. If a device is lost and the SIM card stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
- Make sure all software is up-to-date – Mobile devices must be treated just like PCs in that all software on the devices needs to be kept up-to-date, especially the security software. This will protect the device from new variants of malware and viruses that threaten a company’s critical information.
- Develop and enforce strong security policies for using mobile devices – In addition to encryption and security updates, it is important to enforce password management and application download policies for managers and employees. Maintaining strong passwords will help protect the data stored in the phone if a device is lost or hacked.
- Avoid opening unexpected text messages from unknown senders – Just like emails, attackers can use text messages to spread malware, phishing scams and other threats among mobile device users. The same caution should be applied to opening unsolicited text messages that users have become accustomed to with email.
- Click with caution – Just like on stationary PCs, social networking on mobile devices and laptops needs to be conducted with care and caution. Users shouldn’t open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the information on it.
- Users should be aware of their surroundings when accessing sensitive information – Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulder.
- Know what to do if a device is lost or stolen – In the case of a loss or theft, employees and management should all know what to do next. Processes to deactivate the device and protect its information from intrusion should all be in place. Products are also available for the automation of such processes, allowing small businesses to breathe easier after such incidents.