Mobile Device Compliance: Data and Hacking

Let’s review five ways in which you can keep your mobile phone secure, not only from hi-tech hackers, but also from low-tech thieves.

  1. Employee devices with root device access should be excluded

The BYOD (bring your own device) to the workplace trend has become more and more popular, this increases the danger of personnel using devices that they themselves have hacked on the company’s networks.

Known on iPhone as jailbreaking — rooting is a hacking technique that is relatively simple and provides the user a greater control over the system. It is much like having administration rights on a Windows PC. Although the users experience is enhanced, the security of the device is diminished.

These reasons alone are enough to make sure your personnel knows that rooted or jailbroken phones are not allowed to be brought onto your business network.

  1. Institute a BYOD Policy

The use of personal devices that are added to a company’s network while at the workplace is rapidly rising, this can pose a threat to security in smaller companies.

It is crucial to have a written policy in place, this will help to address some of the issues that BYOD could cause. This will also help to clarify what the employer as well as the employee’s responsibilities are. In order to confirm that not only has it been read, but that it is also understood, this document should be signed by all parties.

There is unfortunately no one size fits all solution to this issue. The needs will differ from business to business and a written BYOD policy could become a complex matter. That being said, starting from scratch is not necessary, there are free templates online that you can look over, from there you can edit as you see fit.

  1. Mobile Device Management Must Be Implemented

While having a written BOYD in place is crucial, this is not enough to safeguard you from employees who may not comply suggests Data Compliance expert River Cohen. Therefore, an essential component of any BYOD policy is a software component.

There are currently a large variety of MDM (mobile device management) packages on the market, therefore the critical aspects of the device for businesses can be sandboxed by IT managers. What this means is that all of a business’s contacts, texts, emails and applications remain protected from malware which could infect the devices personal areas, professional and personal data are kept entirely separate. IT managers are also able to control various other features from a central control panel, for example:

  • Finding devices that are lost or stolen
  • Disabling native applications
  • Managing security updates
  • Remote data wiping
  • Encrypting and locking devices, and
  • Detecting jailbroken or rooted devices
  1. Wipe and encrypt phones that have been lost or stolen

The moment that you pat your pocket and realize that your mobile phone is not there, is one of the worst feelings. Losing your personal phone is bad enough, however if you use your device for business, then the entire network of your company could be at risk.


Fortunately, it is possible to remotely wipe and encrypt most smartphones. So if your phone should become lost, you do not need to worry about your data being compromised. The set-up process will vary depending on the manufacturer as well as the handset, so if you need help with the activation, check in with your provider.

It is however worth noting, that even though the casual thief may be deterred by out of the box solutions, attackers that are determined are able to find ways around these kinds of safeguards. Therefore, these solutions should always go hand in hand with a business security plan that is wider.

  1. Your existing threat defences should be audited

Regular security audits are what is recommended by the experts, this includes penetration testing, to keep your network safe from those who are seeking to attack through mobile entry points. However, for smaller businesses, this may be too expensive.