How to Minimize the Security Impacts of Mobile Devices

Mobile devices such as smartphones, tablets, and laptop computers offer an incredible amount of flexibility and convenience for employees—especially when they’re working remotely outside of the office. However, as convenient as these devices are, they can also create new security risks for the organization (and the employees who use them).

Being able to minimize the security impacts of mobile devices is a crucial part of safely enabling a remote workforce. The question is: “How can you reduce the risk of mobile device security breaches, and minimize their impacts if they do occur?”

Here are a few tips to help you improve your organization’s mobile security.

1) Reduce the Security Impacts of Mobile Devices by Creating BYOD Policies

In many cases, the mobile devices that employees use are personally-owned instead of provided by the organization. While this helps the organization to minimize mobile device costs (since it doesn’t have to pay for the devices), it can also mean that the company has less control over these devices and how they’re configured.

To help set ground rules for the use of personal devices for work, and to give the organization some control over mobile device security, it is often necessary for the company to establish a formal bring your own device (BYOD) policy.

This BYOD mobile device policy should outline:

• What apps should or shouldn’t be installed on the BYOD device;
• A list of required mobile security settings (mobile device encryption, multi-factor authentication, VPN use enforcement, etc.);
• If and how the company may use location tracking features (for employee privacy reasons);
• Who is responsible for device costs (employees or the employer);
• Whether a mobile device management (MDM) solution will be used; and
• Appropriate use habits for personal devices at work.

These rules help form the basis for how mobile devices can be used in the organization. Even for organizations that don’t directly integrate mobile device use into the business plan, BYOD mobile device policies may be helpful for clarifying how employees may (or may not) use mobile devices at work.

2) Use a Mobile Device Management Solution

Mobile device management platforms help organizations control the mobile devices used throughout the organization—thus minimizing the security impacts of mobile devices. MDM solutions may incorporate many different features and capabilities, such as:

• Location Tracking for Mobile Devices. Knowing where devices are located is immensely useful for preventing the theft or loss of mobile devices that may be holding sensitive data.
  
  
• App/Software Distribution. Often useful for ensuring that all of the mobile devices that are used in the organization have the appropriate software programs installed for team communication or completing specific work tasks.
  
  
• Remote Data Wipe. Invaluable for ensuring that data on a lost or stolen device cannot be used for malicious means. May be a contentious mobile security measure since it may affect the employee’s personal data.
  
  
• Security Setting Enforcement. Some MDMs can enforce specific security rules, such as using device or app-level encryption and using strong passwords. This helps to improve overall mobile device security throughout the organization.
  
  
• Application Whitelists or Blacklists. Mobile device management software can create lists of pre-approved apps and software (whitelists) that are allowed to run on the device, while blocking all other apps from running. Alternatively, a list of banned applications (blacklist) can be created to keep only those apps on the list from running.

Not all MDMs have the same features, so it’s important to check with the solution provider to learn more about their specific capabilities and how the solution is managed.

3) Enforce the Use of Virtual Private Networks

A virtual private network (VPN) is often used to anonymize and encrypt communications between remote workers and the business’ network assets. As noted by PCmag.com, “A VPN creates a virtual encrypted tunnel between you and a remote service operated by a VPN service. All your internet traffic is routed through this tunnel, so your data is secure from prying eyes.”

This can be invaluable for ensuring mobile security when employees are “out and about” and have to use public Wi-Fi networks to connect to the internet. In public spaces, there is an increased risk of malicious actors setting up fake Wi-Fi hotspots for employees to connect to and using that to hijack data. With a VPN, the data is encrypted, making it harder to use. Also, because the data is routed through the VPN, the destination IP address for communications is harder to track, which provides extra security for the business.

While a VPN won’t stop every attack, it can make it significantly harder for hackers to target a specific business.

4) Train Employees in Safe Internet Use Habits

Not all employees (even those among the “Millennial” generation) are aware of the various cyber threats that they face online. Many people lack the basic cybersecurity awareness needed to avoid data breaches. This is where a security education, training, and awareness (SETA) program helps.

SETA programs can increase employee awareness of cybersecurity issues—especially with ongoing training that details some of the latest threats. Some basic steps for building a SETA program to enhance mobile security awareness include:

1. Defining Your Security Education Goals. Create measurable goals for improving security awareness in the organization, such as “reducing use of unsecure Wi-Fi by 75%,” which can be used to benchmark progress.
   
   
2. Assess Your Audience. Get a feel for the overall level of cybersecurity awareness in the organization by using surveys or tests. The results of such assessments can be used to identify specific issues that need addressing in the organization.
   
   
3. Develop Program Topics Based on Assessment Results. Using the survey/test results, develop SETA program topics to address any major mobile security knowledge gaps that have been identified.
   
   
4. Create a Plan for Distributing SETA Program Materials. Establish how the education resources will be delivered to employees. The choice of training method may differ based on the size of the organization and the complexity of the training. Some may opt for in-person staff meetings, while others may choose to use emailed documents.

These are just a few of the ways that organizations can reduce the security risks and impacts of using mobile devices.

Need help securing the mobile devices used on your business’ network? Reach out to the Compuquip team today to learn more about increasing network security and securing mobile devices.