Mobile Device Compliance: Data and Hacking

Let’s review five ways in which you can keep your mobile phone secure, not only from hi-tech hackers, but also from low-tech thieves.

  1. Employee devices with root device access should be excluded

The BYOD (bring your own device) trend in the workplace has become more and more popular, which increases the danger of personnel using devices that they themselves have hacked on the company’s networks.

Rooting, known on iPhone as jailbreaking, is a relatively simple hacking technique that gives the user greater control over the system. It is much like having administrator rights on a Windows PC. Although the user’s experience is enhanced, the security of the device is diminished.

These reasons alone are enough to make sure your personnel know that rooted or jailbroken phones are not allowed to be brought onto your business network.

  2. Institute a BYOD Policy

The use of personal devices that are added to a company’s network while at the workplace is rapidly rising, and this can pose a threat to security in smaller companies.

It is crucial to have a written policy in place; this will help to address some of the issues that BYOD could cause. It will also help to clarify what the employer’s and the employee’s responsibilities are. To confirm that it has been not only read but also understood, this document should be signed by all parties.

There is unfortunately no one-size-fits-all solution to this issue. The needs will differ from business to business, and a written BYOD policy could become a complex matter. That being said, starting from scratch is not necessary: there are free templates online that you can look over and then edit as you see fit.

  3. Mobile Device Management Must Be Implemented

While having a written BYOD policy in place is crucial, it is not enough to safeguard you from employees who may not comply, suggests Data Compliance expert River Cohen. Therefore, an essential part of any BYOD policy is a software component.

There is currently a large variety of MDM (mobile device management) packages on the market, with which IT managers can sandbox the business-critical aspects of the device. What this means is that all of a business’s contacts, texts, emails and applications remain protected from malware which could infect the device’s personal areas; professional and personal data are kept entirely separate. IT managers are also able to control various other features from a central control panel, for example:

  • Finding devices that are lost or stolen
  • Disabling native applications
  • Managing security updates
  • Remote data wiping
  • Encrypting and locking devices, and
  • Detecting jailbroken or rooted devices

  4. Wipe and encrypt phones that have been lost or stolen

The moment that you pat your pocket and realize that your mobile phone is not there is one of the worst feelings. Losing your personal phone is bad enough; however, if you use your device for business, then the entire network of your company could be at risk.

Fortunately, it is possible to remotely wipe and encrypt most smartphones. So if your phone should become lost, you do not need to worry about your data being compromised. The set-up process will vary depending on the manufacturer as well as the handset, so if you need help with the activation, check in with your provider.

It is worth noting, however, that even though the casual thief may be deterred by out-of-the-box solutions, determined attackers are able to find ways around these kinds of safeguards. Therefore, these solutions should always go hand in hand with a wider business security plan.

  5. Your existing threat defences should be audited

Experts recommend regular security audits, including penetration testing, to keep your network safe from those who are seeking to attack through mobile entry points. However, for smaller businesses, this may be too expensive.

So, before penetration testing becomes an option, creating a checklist of your current threat defences as well as carrying out regular reviews is a good idea.

Create a checklist that looks something like this:

  • All screen locks should always be activated
  • As soon as possible, all security updates must be installed
  • Keep all threat detection and anti-virus software up to date
  • Regularly update your passwords
  • Make sure that remote wipe is always enabled
  • Make sure that device tracking is always enabled

Keep in mind that this is in no way meant to be used as a security strategy. It suggests only a few basic steps that can be taken to guarantee that phones are safe from hacking or data loss.
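One way to carry out the regular review of the checklist above, together with the rooted-device exclusion from the first point, over a device inventory export. This is an added example, not code from the original article; the CSV column names, the sample rows and the 7-day and 90-day thresholds are assumptions made for illustration.

```python
import csv
from datetime import date

# Constructed sample export; the column names are assumptions, not a real MDM schema.
SAMPLE_EXPORT = """\
device,rooted,screen_lock,pending_updates,av_updated,password_changed,remote_wipe,tracking
pixel-014,no,yes,0,2024-05-28,2024-04-02,yes,yes
iphone-207,yes,yes,0,2024-05-30,2024-05-01,yes,yes
galaxy-033,no,no,3,2024-03-11,2023-11-20,yes,no
tablet-090,no,yes,0,,2024-05-10,yes,yes
"""

# Assumed thresholds: the article says "up to date" and "regularly" without numbers.
MAX_AV_AGE_DAYS = 7
MAX_PASSWORD_AGE_DAYS = 90


def too_old(iso_day, today, limit_days):
    """True if the date is older than the limit, or missing/unparseable (fail closed)."""
    try:
        return (today - date.fromisoformat(iso_day)).days > limit_days
    except (TypeError, ValueError):
        return True


def audit_device(row, today):
    """Return the checklist items this device fails, in checklist order."""
    checks = [
        ("rooted or jailbroken", row["rooted"] != "no"),
        ("screen lock off", row["screen_lock"] != "yes"),
        ("security updates pending", row["pending_updates"] != "0"),
        ("anti-virus out of date", too_old(row["av_updated"], today, MAX_AV_AGE_DAYS)),
        ("password too old", too_old(row["password_changed"], today, MAX_PASSWORD_AGE_DAYS)),
        ("remote wipe disabled", row["remote_wipe"] != "yes"),
        ("device tracking disabled", row["tracking"] != "yes"),
    ]
    return [name for name, failed in checks if failed]


def audit_inventory(export_text, today):
    """Map device -> (decision, failures); rooted devices are excluded outright."""
    report = {}
    for row in csv.DictReader(export_text.splitlines()):
        failures = audit_device(row, today)
        rooted = "rooted or jailbroken" in failures
        decision = "exclude" if rooted else "remediate" if failures else "allow"
        report[row["device"]] = (decision, failures)
    return report
```

Calling `audit_inventory(SAMPLE_EXPORT, date(2024, 6, 1))` returns one decision per device; a blank or unreadable field counts as a failed check, so a device with missing data is never reported as compliant.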

It is also important to implement continued development and training of staff — dealing with employee complacency can be quite expensive.

Final Point on Future Phone Hacking and Threats

As flexible working and unified communications become more common at work, greater mobile security should be high on the agenda for your business this year. And although keeping up to date on current issues is important, future issues such as wearable tech should also be taken into consideration.

The important thing to remember here is how crucial it is to protect against data loss and phone hacking; this goes beyond installing an antivirus software system. Since they are potential gateways to your network, apply at least the same level of protection to your mobile devices as you would apply to your laptop or desktop, then take it a step further and focus on the increasing complexity of high mobility and mixed use.

Staff training, a written policy and a blend of software make up the combination and overall strategy that is needed to keep your company’s data secure.

Founder of Cyberwarzone.com.