Australia has well and truly embraced mobile devices, with smartphone penetration expected to exceed 90% by the end of this year. It’s no surprise, therefore, that they are also a key element of the modern Australian workplace – indeed, to many employees they are just as crucial, if not more so, than their desktops.
But while mobile devices bring many benefits to organisations, including increased productivity, better flexibility, and more satisfied employees, they also add a significant level of complexity when it comes cybersecurity. Whether it’s malware-infected apps, phishing emails and text messages, or eavesdropping hackers, mobile devices are highly vulnerable to data breaches, which are hugely costly to organisations, not just in terms of money but also reputation.
Mobile security at work, therefore, is crucial. To ensure your mobile security is up to scratch, just follow these 5 essential steps.
1. Have a mobile security policy
Whether the devices in your organisation are employee owned or employer provided, the first step is making sure you have a mobile security policy that gives your employees clear guidelines on how their devices should be used and how information should be accessed. Not only does this help to prevent confusion, but giving employees a concrete policy to sign increases accountability.
Your policy may include things like:
- Restrictions on devices: If you have a BYOD policy, you may want to impose certain restrictions on the types of devices that can be used.
- Restrictions on third-party app downloads: Apps can potentially expose devices to the threats of data leakages or malware.
- User authentication requirements: The sensitivity of data being accessed from the mobile device will influence the degree of user authentication that is appropriate. You may want to enforce the use of strong passwords and passcodes, or even two-factor authentication and security tokens for more sensitive information.
- Encryption for sensitive emails and documents: If employees are regularly accessing sensitive corporate information while out and about, it is recommended that employees use a virtual private network (VPN) to access this data, which will ensure all communications are encrypted.
- Limitation or restriction of social media: Social media exposes employees to the risk of social engineering scams, but a number of organisations are using social networks such as LinkedIn for business development and prospecting. You may want to restrict your employees’ access to specific social media channels on work devices.
2.Include mobile device best practices in cybersecurity training
Your employees are themselves a huge cybersecurity risk. The latest Notifiable Breaches Scheme Quarterly Statistics Report states that 36% of reported data breaches were caused by human error – and this figure doesn’t include cyber incidents in which vulnerabilities involving specific behaviours were exploited (such as clicking on a phishing email or accidentally disclosing passwords).
That’s why regular cybersecurity training is so important when it comes to defending your organisation’s data. Considering the amount of time your employees are spending on mobile devices, this needs to be a key element of your training requirements.
Mobile device best practices that might be incorporated into your training program include:
- How to recognise phishing scams: Phishing is one of the most common types of cybercrime, largely because it is so effective. As phishing scams get more sophisticated, employees need to be ever more vigilant.
- Restricted use of unsecured networks and public wifis: Unsecured wifi networks put employees at the risk of ‘man-in-the-middle’ attacks. Employees therefore need to be careful about accessing corporate information while travelling.
- Being careful with devices when out of the office: Employees might not think anything of leaving their device unattended, but this can potentially expose devices to infiltration.
- Limiting notifications: Notifications can be helpful for users, but even a limited amount of information can be used by an enterprising hacker – and this information is often available at the mere press of a button, even when the screen is locked.
3. Have regularly scheduled security audits
The best way to find the gaps in your network is to put it to the ultimate test, and subject it to the same attacks that malicious hackers would conduct themselves. It is recommended to get outside expertise to audit mobile security and conduct penetration testing on mobile devices being used within the organisations. Once you know where the leaks are, it becomes much easier to plug them.
4. Use technology to support mobile security at work
When it comes to mobile security at work, you have to use every weapon in your arsenal and put up multi-layered defences in order to protect your information. Technology can be a huge cybersecurity asset – placing extra barriers between malicious attackers and your data.
Consider implementing systems such as:
- Antivirus and anti-malware software: Viruses and malware can enter mobile devices via emails, text messages, apps, and even online advertising. With so many avenues for potential infection, it’s prudent to have an extra layer of defence to protect your organisation.
- VPNs: As mentioned above, using a VPN provides a much more secure means of accessing information as it prevents hackers from eavesdropping on your network connections.
- Remote virtual work environments: Allowing employees to access systems remotely protects data as it is only viewed, and not stored, on the device. This means that, in the event that a device is intercepted, there is no sensitive data for the taking and this reduces the risk of a security breach.
- Mobile device management (MDM) platforms: MDM platforms give you much more control over your employees’ devices, allowing you to update security settings, monitor for malware, remove unauthorised applications or users, or even remotely wipe the device in the event it is lost or stolen.
5. Have a data breach response plan
You might have the most stringent policies, well-trained employees, and the very latest technologies, but that doesn’t mean you’re completely immune to data breaches. Zero-day vulnerabilities spring up, devices get misplaced or stolen, and employees make mistakes. It is wiser to see data breaches as an eventual inevitability, and to be prepared for that inevitability.
It’s crucial, therefore, to have a thorough data breach response plan that outlines how to:
- contain and assess the damage,
- notify affected individuals and relevant third-parties, and
- review the incident in order to further strengthen security.
For more information, take a look at the Australian government’s guide to data breach preparation and response.
With vigilance and due diligence, you can ensure your data remains secure, and protect your organisation from the consequences.
Security is just one aspect of a highly functioning mobile network. KYOCERA Net Manager supports the use of mobile devices at work by not only enhancing data security, but also reducing costs and streamlining processes. To learn more about what Net Manager can do for your business, download the fact sheet now.