For the everyday business, one’s employer may not consider the risks associated with issuing a company mobile device. They might even assume that just the passcode or passphrase at the lock screen is enough to prevent unwanted intrusion.
The security of a company mobile device should be just as important as securing a server or workstation. This is because a company issued device is likely to have sensitive information regarding the host company, and possibly client(s) of the host company.
These are just a few examples of information that is commonly accessible on a mobile device: Phone numbers and contact information, Email addresses and emails, Passwords, Documents, Photos, Text Messages, Company and Client information, and so much more. Would you want to store such sensitive information under just a 4-digit passcode?
- It is recommended that the passcode just to unlock the device should be compliant with a company’s network authentication password policy.
A password that is compliant with the company’s network authentication password policy ensures a great first defense for mobile devices.
- Any information regarding a company or client that is not public knowledge should be stored in an encrypted application or something similar.
Whether this is an application installed on the device or a Data Store that is accessed via VPN or through the Web if it is not public knowledge it should be secured.
- Email phishing applies to mobile devices just as it would a workstation, so any suspicious emails should not be opened.
If you suspect an email to be suspicious, it is better to be safe than sorry. Do not open an email, or its attachments/hyperlinks if you cannot 100% verify the sender.
- Even the simplest of actions such as updating your mobile device’s software could mean the difference between being compromised and staying secured.
Updates to device software remove or patch vulnerabilities that were discovered in the last update, so this should be an important task to complete frequently. Even with measures like this put into place, nothing can prevent an employee from losing a device, or have it stolen.
- In the case of a lost or stolen device, the most viable option would be to wipe the device remotely.
In some cases, the device settings allow the user to set up an automatic wipe of the device if there is “X” amount of failed login attempts. This can be advantageous in the case of unauthorized access to a mobile device.
Security risks are faced and dealt with every single day. The security policies you put into place could determine the safety of your business, your employees, and your clients. Information can be dangerous if misused, and with these suggestions in place, you can begin to build a very viable mobile device policy for your company. TCS, can keep you up to date with all of IT’s best security practices. To learn more about a secure mobile device policy for your company fill our the form below or call us at 336.804.8449.