June 10, 2022
As hybrid and remote work soared during the pandemic, so too did the use of mobile devices. Finally, workers could access sophisticated digital tools from anywhere, and on any device. With the right security tools and procedures in place, it’s a win/win for businesses that needed to remain productive and agile while the pandemic was at its peak, and also a win/win for businesses that wanted to maintain the flexibility that workers enjoyed.
Like networked printers, smartphones and tablets were once overlooked by IT experts and hackers alike as potential cybersecurity risks. But any networked device is a potential gateway leading right to your data and your infrastructure, including a mobile device of any kind. And while many smartphones have cutting-edge security tools in some respects, in others, they can be surprisingly difficult to protect.
In the past few years, hackers have figured out that smartphones and other mobile devices are vulnerable to exploitation, and they’ve begun to strategically target their users. Mobile devices may represent a new security risk, but in many respects, the same tools and strategies that protect other networked devices can often be used to safeguard them.
Why Do Businesses Need a Mobile Security Policy?
Many small to midsize businesses don’t have a security policy for mobile devices, but recent statistics suggest mobile devices represent a larger risk than many people think.
- An average of 67% of employees use personal devices at work.
- 80% of the true cost of laptop theft is from a resulting data breach.
- 30% of organizations can’t protect employee-owned devices from malware.
- 74% of IT leaders have experienced a data breach due to a mobile security issue.
- One in ten Americans who use smartphones has had a phone stolen.
- More phishing schemes are specifically targeting mobile devices than ever before.
Mobile devices may well be your organization’s weakest link in maintaining cybersecurity. But with a decent mobile device security policy, it doesn’t have to be that way.
What Should You Consider When Choosing a Mobile Device Policy?
Corporate-Owned vs. Employee-Owned Devices
It will be simpler and easier to secure devices that your business owns, and you’ll be able to put more restrictive policies in place. But your staff will have fewer choices about the devices they use. Providing every member of your staff with a mobile device can be expensive, carrying a business phone as well as a personal phone around at all times can be frustrating, and mobile phones don’t tend to have long lifespans. Most users can get between two and a half and three years out of them.
If you decide your employees will use their own devices to access your tools and data, you might consider sharing the cost. Mobile devices and data plans can be quite expensive. Back in 2018, statistics indicated that smartphone use cost $75,000 over the course of a lifetime, and those numbers have certainly gone up since then. You may allow employees who choose to use their own devices for work purposes to opt in to cost-sharing, provided they also consent to adding certain security features and following best practices.
If you’re still using legacy systems or are in a heavily regulated industry, mobile devices may not be able to access your organization’s tools and data. Mobile devices may be fine for responding to email in a timely fashion, but beyond that, a more restrictive security policy may have less impact on productivity.
A policy only works well if your staff actually follow it. Your organization may consider a Mobile Device Management (MDM) platform to make sure your staff haven’t gotten careless. It’s understandable that many people will feel uncomfortable installing an app on their own phones that will essentially monitor their use.
However, in many ways, monitoring employee behavior through technology is not new. You should explain what the app monitors and why, and give your staff the choice about whether to opt in (and potentially receive an incentive), or forgo using their own mobile devices for work. Some larger organizations may use a broader Enterprise Mobility Management tool that also includes MDM, but in many cases, it can impact productivity.
How Can Your Security Policy Be Updated to Secure Mobile Devices?
Many mobile device security programs and procedures are similar to what would secure other networked devices. However, as mobile devices are more vulnerable to theft, a few additions will need to be made.
Your organization should already be providing regular cybersecurity training. Every staff member who uses a mobile device to access your data or tools should also be trained on best practices and any apps they may need to install on their device. For example, malware sites are harder to detect on mobile devices, as you can’t simply hover your mouse over a link to see its true nature.
You might consider requiring mobile devices to have a character minimum for passwords, or require two-factor authentication: for example, using a password in addition to a fingerprint, face scan, or the like.
Cybercriminals can target devices that use unsecured, public Wi-Fi networks. If possible, your organization should prohibit your staff from using public Wi-Fi, and explain why.
Even mobile devices that are only used to access workplace email should use device encryption.
No "Jailbroken" Devices
Consult an Expert
Depending on the mobile devices your staff is using and how they’re using them, it can be a challenge to pick the best solutions without doing quite a bit of research. Cybersecurity is constantly changing, and while the threat landscape affects every networked device, attacks against mobile devices are evolving rapidly. Marco’s cybersecurity experts are on hand to answer any questions you might have, and give you some pointers on how to secure your data and infrastructure while enabling work on the go.