Five Tips For Better Mobile Security
As mobile devices become ever more sophisticated and mobile internet becomes increasingly available, organizations have moved toward allowing employees to take care of business on the go. This offers advantages for employers and employees alike, allowing more flexibility in scheduling and increased productivity. However, enterprise IT professionals know that business information must be protected (and there are often regulations in place demanding it, depending on the industry), and mobile devices present a new security challenge. Organizations want their employees to have maximum access to their information and systems via mobile devices, but need a way to ensure that this data and these systems remain secure.
Mobile devices are, by definition, used on networks which the organization cannot control. Traditional security measures like firewalls, filtering, and the like won’t help. There are ways to help keep enterprise data more secure on mobile devices; here are five tips that explain how to do just that.
- Make Mobile Connections Through a VPN
While mobile users aren’t within the bounds of the organization’s network, IT can still control (to an extent) how they connect to it. It’s extremely important that this connection be secure, while still allowing the extension of the network to remote users. By using a VPN, users’ access to the network can be individually tailored and communications will be encrypted.
- Malware Protection
As any security expert knows, the biggest threat to network security is its users. Viruses, worms, and other security threats don’t usually make their way to the network on their own; they’re introduced, unwittingly, by the network’s users. Going mobile doesn’t change that, and it may in fact increase the threat. Malware creators have conquered macOS, Windows, and Linux; now they have set their sights on Android and iOS. To ensure better enterprise mobile security in an organization, IT should issue a list of required antimalware software compatible with the mobile devices people will be using.
- Multi-layer Authentication
Don’t rely on a single password to protect the network. Instead, multi-layer authentication can be put into place. This is especially necessary with mobile devices, as they can easily be stolen, lost, or otherwise accessed by those they don’t belong to. Multi-layer authentication can be as simple as requiring a password as well as an answer to a secret question. Other options include using authentication devices which issue a new authentication number for each login attempt.
- Secure Settings on Mobile Devices
IT security should also be able to advise users on the best way to make their devices secure via settings configurations. For example, Bluetooth should never be enabled unless the individual is actively using it, and the device should be hidden from discovery by other devices.
- 3rd Party Software Control
This is the most difficult issue for organizations that allow their employees to use their personal mobile devices to connect to the network, and to a lesser extent for those that issue company-approved devices. With company-issued devices, enterprises may be able to block the use of any unapproved software. Because this can sometimes limit functionality for users, however, it’s sometimes an unpopular option. If blocking the use of other software isn’t possible, limiting it should be, whether via software or policy. If the device is the employee’s, they’ll need to log into the enterprise network via a virtual work environment. Virtual work environments prevent data from being cached on the device.
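The multi-layer authentication tip mentions devices that issue a new authentication number for each login attempt. The sketch below is an added example, not part of the original article: it assumes the counter-based HOTP scheme from RFC 4226 as one such mechanism, and the names `HotpVerifier`, `login` and `look_ahead` are hypothetical. It shows why a stolen or replayed code is useless once the server has moved its counter forward.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks the 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpVerifier:
    """Server side (hypothetical): next expected counter for one enrolled device."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.counter = 0              # first counter value not yet consumed
        self.look_ahead = look_ahead  # tolerate codes generated but never submitted

    def verify(self, submitted: str) -> bool:
        for step in range(self.look_ahead + 1):
            candidate = hotp(self.secret, self.counter + step)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(candidate.encode(), submitted.encode()):
                # Skip past the used counter so this code can never be replayed.
                self.counter += step + 1
                return True
        return False

def login(password_ok: bool, verifier: HotpVerifier, code: str) -> bool:
    """Both factors must pass; the code is only consumed if the password was right."""
    return password_ok and verifier.verify(code)

# Constructed sample input: the published RFC 4226 test key, not a real secret.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    server = HotpVerifier(SECRET)
    first = hotp(SECRET, 0)                       # what the device would display
    print("first use :", login(True, server, first))
    print("replay    :", login(True, server, first))
```
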
There’s no going back—we’re a highly connected, very mobile society now, and that’s only going to increase in the future. As a result, our security measures must evolve along with our methods of connecting. In fact, it’s very likely that in the future most employees will be accessing the network via mobile devices (and in some industries, this is already the case).
With this in mind, here’s a bonus tip we didn’t include because it’s not practical for all organizations: Provide employees with their own work-only mobile devices. Doing so will give the organization much more control over how the devices connect and interact with the network, and what employees are able to accomplish with them. This also makes it much easier to have standardized policies in place regarding security settings, third party software, anti-malware software and so on. It’s an additional expense, of course, and it is likely to be a significant one, but it greatly simplifies your security infrastructure.
If it’s possible to do so, do it; if it’s not possible yet, the organization should be working toward that goal, because it’s only a matter of time until it’s an unspoken requirement. There are too many advantages to doing so, and the mobile device market is becoming far more varied in terms of brands, operating systems, and types of devices. Soon, it will be even more difficult to practice good data security in a BYOD (bring your own device) environment.
Providing employees with their own company-approved devices makes it easier to practice good enterprise mobile security. It also simplifies training employees to use the network via their device, because there will be no exceptions or outliers in how the device performs on the mobile network. And finally, it streamlines the entire process of complying with industry regulations relevant to the organization.
If the company does opt for a BYOD environment, they should have strict policies in place regarding the type of devices being used, and require strong passwords and lock screens on the devices themselves. BYOD workplaces present unique enterprise mobile security challenges, but they can be made to be very secure. However, special attention must be paid to what devices users have, how the devices themselves are secured, how access to the network is secured, and how they connect to the network remotely. While this may seem like a tedious process, it’s much wiser for organizations to ensure that their network is secure ahead of time, rather than wait for a breach that could have a devastating impact on their business.