As more businesses equip their staff with smart phones, or employees use their own smart devices to access company databases, most companies overlook the need to ensure that these new gadgets can be a significant security risk.
While most businesses are aware of the need for firewalls, encryption and antivirus software for company PCs and laptops, they are leaving gateways to their data ajar on these mobile phones.
Add to that the fact that many smart phone users can be careless about using their miniature handheld computers, storing company passwords directly on the phones. If the device is then lost or stolen, whoever finds it or the thief may end up with unfettered access to your database.
A report conducted in 2011 by McAfee and Carnegie Mellon CyLab found that one-third of respondents keep passwords, pin codes and credit-card details on their smart phones, and as many retain sensitive company information on them.
Phones, like laptops used in public places, are also susceptible to hacking, particularly if they are accessing data through a Wi-Fi network.
With all of this in mind, if your organization has not already done so, it’s time to start considering risk management and security measures for mobile devices used by your employees.
To ensure your organization is not left vulnerable from a mobile device soft spot, you should consider:
• Creating a company policy on smart phone use. If you want your staff to use smart phones, for the sake of continuity, tracking and monitoring data and emergency response you should have them all use devices from a single manufacturer.
You should also create policies for smart phones, such as not using them for personal purposes and warning staff not to click on any links not sent by the company itself. There should also be an instant-response plan in place in the event the device is lost or stolen.
• Securing the devices. The McAfee and Carnegie Mellon CyLab report found 40% of companies have had at least one mobile device lost or stolen, and half of those devices contained business critical data. Another report, “Mobile and Security: Dazzling Opportunities, Profound Challenges,” found that more than a third of the losses
had a financial impact on the organization.
There is a range of options for making your employees’ companyissued smart phones secure. Require your staff to use strong passwords that are unique only to their handsets, and that they change those passwords once a month. Also, most phones come equipped (or it can be downloaded) with software or services that can remotely locate, lock and wipe your phone. This will give you peace of mind that your data can be protected if a device goes walkabout.
Also, use antivirus software on smart phones, and urge staff not to use Wi-Fi hotspots and to turn off Bluetooth detection so that others can’t access your employees’ phones.
• Controlling apps and other non-business-related addons.
Establish a policy whereby you are notified if any applications are added or removed. A number of apps in the mobile marketplace contain malware, so it’s essential that your staff not add any apps without prior approval.
• Backing up or synching data frequently. Most smart phones can back up critical data and settings via a simple synchronization with either online storage (such as the Cloud) or at the office to a company computer. This will ensure that any information added
in the fi eld will be retained by the company.
• Updating the operating system. Phone users are notified by the OS vendor, hardware manufacturer or mobile carrier when new operating system updates are available. You should strongly urge staff to heed those notifications, as they often carry security-related upgrades.
• Preparing for mobile wallets. The next trend in smart phones is the use of “mobile wallets,” which will allow companies to use something that’s known as NFC technology to make payments easier, or employees may use the technology to pay for goods and services. Phones with this capability should have strong password protection and encryption – those are the basics. Because these phones may be susceptible to eavesdropping and data disruption, you should consider secured socket layer (SSL)-encrypted tunnels like those used for online credit-card transactions. At this point, however, it’s too early to tell if the phones will have this capability, as they are
an emerging technology.
• Evaluating at your insurance coverage. Prevention is always a good first step, but a back-up plan is to ensure that you have the proper insurance to protect against any costs or liabilities associated with data breaches related to your smart phones, particularly if personal information is exposed.
Ask us about policies that can cover cyber liability.
Call us (1-888-235-9946) or fill out the contact form by clicking below. In many cases Leaders’ Choice can help lower your annual premium by as much as 30%.