Summertime! That means sunshine, travel…and additional data threats to your smartphone. What’s that? You don’t consider mobile security risks and summertime as going hand in hand? Well, consider this: As you and your employees take some well-deserved time off, will you be taking smartphones with you? Of course you will. And chances are you will be accessing corporate data. In fact, a recent Symantec survey on security habits of mobile device users revealed that 62 percent of corporate smartphone users access sensitive corporate information while on vacation, and 81 percent will at least be checking their business email accounts.
With a variety of looming threats, from unsecured networks to malicious apps, corporate smartphone users should carefully consider what they can do to make sure a vacation from the office doesn’t turn into a vacation from security. The following best practices will help you keep mobile devices secure.
- Use the “passcode lock” feature, and make sure it features a secure password: This may seem obvious, but 18 percent of smartphone users do not use the passcode lock feature. This is the most basic security precaution and requires minimal effort on the part of the user.
- Encrypt the data: IT should only allow devices that support encryption, ensuring that in the event a device is lost or stolen, nobody will be able to access the corporate data it contains. This can reduce a potentially costly data breach to simply the need for equipment replacement.
- Use a mobile device management solution: Today smartphones and tablets are being used the same way as laptops and PCs in which they are accessing email, using enterprise apps, and accessing corporate servers. As a result, the device and apps need to be managed through the entire device lifecycle from device provisioning to securing and monitoring to device retirement.
- Use security software and keep the OS and apps up to date: While most businesses provide security software for work-related smartphones, 42 percent of business smartphone users are unaware whether their company provides any. IT should provide security software and establish policies regarding patches and updates. Users should be sure to closely adhere to established guidelines.
- Follow employer-specified practices: Any mobile device that accesses sensitive corporate information should be subject to corporate policies. A Symantec survey on the consumerization of IT revealed that 51 percent of companies communicate policies regarding work-related smartphones.
- Consider emerging threats: While traditionally the greatest threats to mobile security have been physical loss or theft of devices, hackers are increasingly turning to apps. In many cases, these originated as legitimate apps. Hackers download them, insert malicious code, and repost them. Users notice no difference in functionality, but the app performs malicious activity in the background. Users should avoid jailbreaking or rooting their devices since it makes the devices more susceptible to mobile threats. Users should also exercise the same level of caution they do on PCs and laptops. If they receive a strange MMS with an attachment or link, they should be cautious before opening the attachment or link.
Mobile devices represent an important juncture between corporate and personal data. With 91 percent of companies allowing their employees to use work-related smartphones for personal use, and the lack of corporate control over mobile carrier networks, security threats are less a matter of if than when. IT managers and mobile device users can work together to establish and adhere to policies that will keep data secure at the local coffee shop, the airport and the beach. After all, even though you may be taking a few days off this summer from the daily grind, cybercrime doesn’t take a vacation.