The cybersecurity industry is bigger than it has ever been. In fact, the growth of the field of cybersecurity is completely necessary, as the frequency and sophistication of cyberattacks generally tend to increase by the year. More and more businesses are seeing that they need to invest in the proper services and tools to protect their networks.
Mobile security is becoming a particular focus. There was a time when cybersecurity was easier, because we didn’t have laptops or other portable devices – there were just desktop computers in the office that needed protecting. We spoke to TechQuarters, a provider of IT support services in London, about mobile security. They said that, because employees are now accessing company resources via mobile, usually using multiple Wi-Fi networks in the process, that securing mobiles is especially important. Below is a list of what their mobile security checklist for small businesses includes:
- Access Control
Controlling access to a mobile device is a good way of eliminating the risk of unwanted users accessing data on the device. The most basic form of access control is setting up a password or pin on the mobile device – facial and fingerprint recognition is also popular nowadays. Access control can be made even more specific. For instance, location and time-of-day can be used as criteria for whether a mobile device can be accesses – thus is a device is stolen, it’s harder to unlock.
- Mobile Data & Comms Encryption
There is such a thing as man-in-the-middle attacks that commonly occur on public Wi-Fi and mobile (4G or 5G) networks. It means that users can steal data in transit – such as while it is being sent from a mobile data to an app server, or to a public network. Therefore, all data and communications on a mobile device for work should be properly encrypted. It is recommended to use SSL connections to ensure that communications over all networks are encrypted.
- Data Leak Prevention
Some businesses might have a BYOD (bring your own device) policy that means users have business apps on a personal device – or the inverse, they install social media apps or other personal apps on a business device. This can sometimes lead to data leaks occurring. However there are ways to ensure these leaks don’t happen. For instance, you can disable copy and paste functions for all business apps. Likewise, you can disable screen captures. You can even prevent sensitive data from being downloaded onto a mobile device whatsoever.
- Device Theft Protocol
If an employee’s device is stolen, there should be a procedure in place to secure the company’s data. The most reliable solution is either mobile device management or unified endpoint management. Both solutions enable an organisation to remotely all corporate data from a device, or wipe the entire device entirely, or lock a device. Another solution is ensuring that all corporate data is stored in the cloud only.
- Antivirus and Malware Scanning
Particularly with BYOD policies, it is important for devices used for work to be scanned regularly for viruses and malware. A business may provision users with a license for an antivirus software. It is also important that a business’ IT department ensures that mobiles have the latest patches and updates for business apps installed on them. These updates are often to close loopholes that were discovered, so out of date apps could be vulnerable.
- Employee Education
Finally, it is of utmost importance that employees in a business are properly educated on best practices for mobile security. For instance, employees should be aware of all the common mobile security threats – including phishing attacks, downloaded apps and software from unauthorized vendors, vulnerabilities presented by rooting or jailbreaking phones, etc.