There’s no debate about the convenience and utility of smartphones. In fact, several studies have shown that between 60% and 80% of individuals with smartphones use their devices for both personal and professional purposes, such as checking their office email and remote access to work-related files.
However, problems sometimes arise when businesses allow employees to use their personal devices for work-related tasks. This can cause security issues, because those personal smartphones may not be equipped with the same cyber-defense tools that employers require of company-issued devices.
Such chinks in the armor could pose a threat to the security of your company’s data and IT network. So, what measures should you put in place to better protect your company in light of personal smartphones being used for work-related tasks?
Smartphones Have Unique Vulnerabilities
Even everyday tasks performed on unprotected devices can present a risk. For example, users can easily send and receive emails, upload or view data, make phone calls, and even use smartphones to receive customer payments. While this boosts productivity, such access makes your network more susceptible to bad actors, especially when you consider smartphones are often used on public, unsecured networks, such as places with free wifi.
Where Are These Threats Coming From?
Many threats come from malware disguised as downloadable, and usually free, apps. From password vaults to document scanners to mobile planners, these applications are often taken for granted and don’t undergo much scrutiny. Without being vetted, these apps can perform any number of nefarious activities, such as stealing data, sending SMS messages to premium-rate text services, or spreading viruses to other connected devices.
The number of phishing attacks targeting smartphones is increasing. Already, there is a concern that many employees are unaware of how to identify a suspicious email, especially on a smartphone, where the tell-tale signs, such as incorrect links, unfamiliar email addresses, and preview links, are harder to detect as compared to when they are viewed on a desktop.
And without adequate training and other security measures, employees using their personal devices can be vulnerable to a host of other attacks. For instance, fake login sites and network spoofing can lure users into sharing their access credentials with cybercriminals. Also, just leaving a device unattended for a moment can give a bad actor, at say a coffee shop, an opportunity to steal the device or the data on it. Even text or voicemail scams are often able to bypass the security strategies that these businesses have in place for their desktops, laptops, and network.
While allowing employees to use their personal smartphones does present its own set of security challenges, there are still measures you can put in place to improve your cyber-defenses.
One security tool is Mobile Device Management (MDM), a software solution used to provide an interface for storing and securing data on devices used by employees in your organization. MDM can be used across an enterprise for both company- and employee-owned devices, including smartphones, as well as laptops, desktops, and tablets.
Again, one of the most important facets of your smartphone security strategy is employee training. If your company policy allows employees to use mobile devices, whether personally or company-administered, educating your team on best practices is one of the best ways to maintain security measures. Recommendations include the following:
- Password protect your phone
- Enforce two-factor authentication for tools such as email and document sharing/collaboration
- Don’t download or install apps from untrusted sources or, better yet, from sources not approved by the company’s cybersecurity administrator
- Delete unused apps
- Pay close attention to links or attachments in emails, especially those read on your phone (wait to view them on a desktop if possible)
- Backup data on all devices, in case the latter gets locked, stolen, or ransomed
- Set up your phone’s “find my device” option in case it gets lost or stolen
- Report any lost or stolen devices immediately
Whatever devices your company uses, it’s important to make sure you have an eye on cybersecurity, because large corporations, small businesses, and everyone in between could be the next victim of cybercrime. Don’t be an easy target. Be prepared.
We do, however, understand that developing a solid cyber-defense program can be a lot to handle. So, we at Sawyer Solutions are here to help. It’s our priority to understand your business and find a solution that meets your needs. To find out more about our tailored offerings, contact us for a free consultation!