10 Mobile Security Best Practices to Keep Your Business Safe

As smartphone and tablet use continues to expand in the business landscape, organizations have become more aware than ever of the threat of mobile security attacks. Different as they are, these companies all share a sense of helplessness: a feeling that it's only a matter of time before someone finds a way to infect their smartphones and tablets with malware, or before they fall victim to phishing.


In some cases, that feeling of helplessness is real, particularly if you’re working for a smaller business that doesn’t have a formal security role or a dedicated team to assess and mitigate potential risks.


However, fending off potential security issues is especially important for these small and midsize firms. Given that their employees tend to juggle multiple responsibilities, they rely on mobile devices to go wherever they’re needed while staying connected to corporate data and applications.


Here are 10 ways your organization can remain proactive in its approach to mobile security and management.


1. Make Upgrading a Priority


According to the most recent NPD Connected Intelligence Mobile Connectivity Report, the average upgrade cycle for smartphones in the U.S. is 32 months — nearly three years. That reflects how often consumers make the move to a new device, and it’s up from 25 months the year before.


That kind of cadence might be fine for people who are only using their devices for personal apps and content, but businesses need to approach upgrade decisions differently. Security researchers learn a lot about the changing tactics of malware authors, distributed denial of service (DDoS) attackers and ransomware campaigns in a three-year period. So do device manufacturers, who are building in protections that specifically address common attack vectors as networks evolve to 5G.


In BYOD environments, it’s critical to set minimum requirements for the devices that are allowed to access corporate systems and apps. Beyond three years from initial release, many devices stop receiving regular OS updates and security patches, making them more vulnerable to new exploits.


If you’re dealing with constrained IT resources, you have to determine the tradeoff between trying to figure out a mobile security strategy on your own and simply making use of what is already market-ready and available to businesses.


2. Make MDM a Mainstay


Companies have always made sure they could keep track of the equipment they’ve purchased, but there’s a difference between monitoring what happens on an oil rig that never moves and a fleet of smartphones that have been deployed to on-the-go employees.


While mobile device management (MDM) has been adopted by most enterprises, smaller firms have plenty of reasons to explore it as well. MDM tools can be helpful to companies that offer a bring your own device (BYOD) program but want to make sure employee devices don’t open them up to security threats.


While choosing an MDM solution will take some research, midsize firms can get a head start by making sure the devices they deploy or recommend to employees incorporate security capabilities from the chip up.


3. Whitelisting and Blocklisting


Many security threats penetrate companies due to user errors, which are often just honest mistakes. Employees might not realize that by downloading an app, for instance, they are effectively leaving the door open to have corporate data stolen from their smartphone.


Whitelisting and blocklisting apps via MDM helps protect employees — and their employers — from these kinds of risks by making it clear which apps and sites are safe.


Blocklists give IT departments peace of mind by blocking access to certain apps and sending notifications when an attempt is made. Whitelists, on the other hand, may be more effective for highlighting the mobile tools employees should be prioritizing over games and social media.


4. Two-Factor Authentication and Biometrics


Weak and easily forgotten passwords can make it simple for rogue third parties to gain access to mobile devices. Two-factor authentication is a straightforward way for small and midsized businesses to begin developing a layered mobile security strategy.


While tokens have sometimes been used as part of two-factor authentication, fingerprints and other biometric identifiers are quickly gaining ground. In fact, 70 percent of businesses will use biometrics for workforce access by 2022, according to market research firm Gartner. Biometrics can be used in tandem with the data separation technologies discussed below.


5. Get Comfortable With Customization


When new hires are brought on board, they usually aren’t given keys to every filing cabinet, the company’s banking credentials or other proprietary data that require a certain level of seniority or privilege. In the same way, it doesn’t make sense to grant every employee unfettered access to all manner of corporate apps and data.


IT managers can get around this with tools that let them customize mobile devices before they are handed out to their workforce. A good example is Samsung’s Knox Configure, which enables businesses to create a myriad of simple-use scenarios, from customizing boot-up screens to creating dedicated-use devices with only work-related apps.


6. Separate Work and Play


Even if they don’t have a dedicated desk with their own drawers, companies often offer employees a safe place of some kind where they can place personal items and secure them until they’re needed at the end of the day. Strong mobile security involves taking a very similar approach to the way data and apps are partitioned on the device.


Containerization, for example, allows smartphones to create separate workspaces of business apps and content that can be centrally protected and managed. Administrators don’t need access to an employee’s personal apps or data and can therefore provide the optimum mix of flexibility and security. This lets IT departments lock down sensitive company information, while letting employees maintain confidence in their personal privacy.


7. Ease the Updating Process


Just as new security threats are constantly cropping up, companies are simultaneously developing fixes that can be applied to mobile devices. Unfortunately, that often puts the burden on a company’s IT resources (which can be scarce or spread thin in midsized firms) to apply all the right patches on a regular basis. According to IDG’s 2019 Security Priorities Study, patch management is still one of the most widely used methods for large enterprises to combat security threats, and smaller firms should do the same.


Technologies such as electronic firmware over-the-air (E-FOTA) mean employees don’t have to wait while patches or other updates are being pushed to their devices. Instead, updates can be scheduled across the entire team, ensuring all updates are tested and compatible, and all devices are uniform.


8. Keep Policies Current


If employees fall victim to a phishing scheme and get locked out of their devices, or data loss occurs because settings were somehow tampered with, a company will probably be quick to outline an updated mobile security policy for everyone to follow.


Rather than wait until disaster strikes, however, the most successful organizations stay on top of security issues and get in front of them from a policy perspective. At least every six months, review your mobile security posture, from your ability to monitor device usage to points of vulnerability and the age of your smartphone fleet.


Then, look forward to new devices that might be integrated into your workforce as part of new hire onboarding or upgrades across a department. Make sure updated policies are well documented. Of course, make sure employees are held accountable for reviewing and adhering to the policy as well.


9. User Training and Security Awareness


The IDG study showed that almost a third of those surveyed, or 31 percent, cited employee training as one of the top areas where they fall short. “This speaks to the perpetual problem of employees as a security risk,” the authors wrote.


Training and security awareness is never a once-and-done activity, but something that should be treated as an ongoing work in progress. The companies that do this successfully make sure the content is easy to understand and available through different channels, depending on employees’ preferences. Examples could include tips in an employee newsletter, an instructional video on a company intranet or even push notifications sent to all employee smartphones.


10. Seek a Scalable Path


A small company might not be small forever. Growth can come quickly via a strategic initiative to expand into a new market or territory, an M&A or some other tipping point. What won’t change is the need for your workforce to be equipped with the best tools available to do their jobs from wherever they are.


Of course, configuring and provisioning devices one by one is a nonstarter for IT departments, so think about how you can find an MDM tool or related application that will streamline this process as the organization evolves.


Fortunately, none of the Android mobile security tips outlined here have to be developed from scratch. Solutions such as Samsung Knox Manage and Knox Configure were deliberately designed to give organizations, from small firms to large enterprises, the ability to secure, manage and provision smartphones successfully.


Sources: Samsung
