It’s a big problem that can fit in the palm of your hand—mobile malware and the security risk all those employee smartphones represent to your company. As more and more banks have offered apps and banking capabilities from customer phones, the potential to intercept all that money has simply become too appealing for thieves to ignore.
What are some basics you should require employees to follow to keep data secure? (Even if your employees don’t carry corporate-issued phones, it’s almost a certainty that they use their personal phones for business. As such, you should not only share these security tips, but require adherence.)
Many people mistakenly believe a phone isn’t subject to cyberattack. Yet in reality, a mobile phone is really more like a mobile computer and should be protected as such. Applications and games can be malicious. Download only from reliable sources. If an app asks for more information than it needs to deliver its service, it’s best to skip it.
- Watch out for free wi-fi
By definition, free public wi-fi networks (like those at airports) are insecure. Unscrupulous cybercriminals scan traffic on the same network you are using. Companies should provide VPN technology for secure access; at a minimum, have a usage policy in place that forbids accessing confidential data on open networks.
- Eliminate cross app access
Do not accept the shortcut many apps offer to access your data via another site, such as “Would you like to sign in using Facebook?” Create unique sign-ins for every app.
- Install all device operating system updates
Many updates are security-related. Make sure you have the most current version on your phone. (Be aware that some mobile providers and handset manufacturers limit updates, so take the time to research and understand your own supplier’s policies.)
- Encrypt your phone or tablet
This makes it very tough for someone to break into the device and steal data. Set a strong password for both the device and the SIM card.
- Follow up
It’s difficult to police personal devices, but have someone from IT take the time to meet with each employee and review corporate security expectations related to their phone. Most employees will appreciate any advice you can offer related to protection, so make sure you position these meetings as a service rather than an interrogation. If an employee refuses to apply required security measures (such as use of a device password), let them know they can’t use the phone to access corporate materials.
- Consider creating an enterprise app store
Either build custom apps or collect vetted apps from suppliers to address the most common functions—maps, travel resources, music, calendars, etc. You won’t be able to offer everything an individual may want, but you can greatly reduce exposure to malware.
- Encourage or require installation of anti-malware software
It’s extra protection that can make all the difference. If employees carry personal phones, you may still want to provide free anti-malware. Any route into your corporate data is one you want to protect!