Often times, businesses don’t have a well established and enforced mobile device management process in place. There are 6 key things that must be in place to ensure a reasonable amount of security in today’s workplace and computing environment.
- Implement a mobile device policy - This is particularly important if your employees are using their own personal devices to access company e-mail and data. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured, but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can and cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
- Require STRONG passwords and passcodes to lock mobile devices - Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way in preventing a stolen device from being compromised. Biometrics which are now commonplace on mobile devices are great, but they must be turned on in order to work. Many people don’t even lock their phones and other mobile devices.
- Require all mobile devices be encrypted - Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that unlocks (decrypts) the data. Doing this prevents lost or s . tolen phones from being a liability, even if they cannot be remotely erased for some reason.
- Implement a remote wipe software for lost or stolen devices - If you find a laptop was taken or a cell phone lost, remote “kill” or wipe software will allow you to disable the device and erase any and all sensitive data remotely. Once you send a remote wipe command to a device, it is received the moment the device connects to the internet or cellular network.
- Backup remote devices - If you implement step 4, you’ll need to have a backup of everything you’re erasing. To that end, make sure you are backing up all MOBILE devices including laptops so you can quickly restore the data.
- Jailbreaking - Jailbreaking your iPhone or rooting your Android is risky for your business. While the processes are different, the end result is bypassing what phone manufacturers intended (including security protocols) and ultimately weakening the security of your device. Ensure that employees understand that Jailbroken devices must not be used for work purposes.
While these 6 are a good start, many organizations that are heavily using mobile devices or are handling highly sensitive data such as credit card numbers, financial information, social security numbers or medical records need to be far more diligent about monitoring and securing all mobile devices. For those of you who fit into that category, we have a special report that details 10 security measures and tips that you need to implement and know about that many IT firms don’t know or won’t tell you. For a free copy of the mobile report, simply fill in your information below, call my office at 818-600-4478 or shoot me an e-mail at info@integritechs.com with “Mobile security report” in the subject line.
