Mobile devices are the way we now do business. From checking email, surfing the web to connecting on social media and creating reports, we are always on, always connected, always busy.
Smart devices, phones and tablets, are critical to having an edge over your competition. They hold a large amount of data that most people do not consider important – until we lose it. We realise, too late, that we have lost some very important information.
Using mobile devices means that we can work from anywhere at anytime, if we want to that is. The lines between work, business and our personal lives are blurring especially if you are a business owner or a manager of a small or medium business (SMB)
The risk requirements for both BYOD and business supplied devices is very important to ensuring the rest of the business is secure.
With so much happening on our mobile devices, how do we protect them from both the physical world as well as the digital world.
Think about these ideas that you need to deploy to protect your physical device.
- Never leave it alone. In some places your phone can be stolen right out of your hand while you are talking on it – In NY this is called apple picking. In most places, the simple act of leaving your device on a table while you pick up your coffee is the only opportunity that the bad guys need.
- When it is not being used – lock it. Using a simple 4 number code, a decent password or biometrics ensures that the information on your device is secure for the initial attempt at access. Change the settings to 3 attempts or 5 attempts before it is locked for x minutes will ensure that you have time to remote wipe the device.
- Back it up – you never know when something bad is going to happen to your phone. From a theft to dropping it in the toilet, if it happens how are you going to gain access to your precious data – your contacts for instance.
That is the physical side, what about digital protection:
- Passwords – Yes we hate them, but in today’s digital world it is one of the only things that keeps the bad guys out. All passwords should be 8 or more characters, use complex and complicated features (capitals, numbers and symbols), not be a dictionary based word, be easy to remember and be unique for each site. That’s the reason we ignore those requirements and use the same one for everything.
- If passwords are a problem then get a password manager or a single sign on (SSO) system. This will ensure that you can use complex passwords and not have to worry about them. SSO can also be deployed by an organisation to protect their social media and infrastructure requirements. If a device is compromised, just delete the access to your business systems.
- Run Anti-Virus / Anti-Malware. Most people think that the operating systems of android and apple are secure. This could not be further from the truth. Although apple is a little more secure, malware is not always targeted at operating systems. It is targeted at sub systems like Java, flash and adobe. That is why all devices need AV as a real time protection system as well as a regular scan to pick up malware that may have disguised itself in the installation process.
- Only install legitimate software. Software that is in the app store (Apple) and the Google store (Android) have been vetted to a level to ensure that they do not include malicious code. Some systems sneak through but they are quickly weeded out. Applications directly downloaded from websites are especially prone to infection and do not have this protection.
Managing business risk is critical to the resilience of the business. Make sure that your road warriors have the resources available and needed to work but that they are also safe, secure and protect your business..
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.