In one of our previous posts, we tackled the risks of letting shadow IT proliferate in your organization. One major component of shadow IT is the use of unvetted personal devices for work purposes. We established that while employees using their own machines saves you money and makes them more productive, it does open your firm up to cybersecurity risks, such as infecting your network with malware.
It must be mentioned, however, that if not managed correctly, mobile devices your company issues for your employees can also make you vulnerable to data breaches. Staff can leave their machines unattended and unlocked for unauthorized people to see and steal, or they can go rogue and transmit confidential files to people who are not supposed to receive them.
Regardless of whether the mobile devices you let your employees use are personally owned by them or are issued by the company, you need to keep your data safe at all times. Here are five tips for you to consider.
1. Put a mobile device security policy regarding company-issued devices in place
Convey to employees that the privilege of using mobiles provided by the company comes with responsibilities. In this policy, clearly indicate:
- The rules for properly using the device
- The consequences for violating those rules
- The reasoning behind the rules, i.e., the security risks of using mobile devices for work
- Additional steps users can take to mitigate those risks
2. Implement a bring your own device (BYOD) policy
Be firm in applying rules when allowing employees to use their personal devices for work. You’ll want to clearly communicate that while you’ll respect their privacy and won’t affect the part of their gadgets that they use for personal matters, you’ll have to introduce some control and security mechanisms for the portions that they allocate for work. These mechanisms include:
- Remote wiping software
- Anti-malware programs and other protective software
- Protocols for regularly backing up data
- Standardized steps for reporting lost or stolen mobile devices
- A list of apps that are verified safe to download and use
- Skills training for safeguarding company data when accessing non-company networks
- Cybersecurity practices such as using strong passwords and device locks that automatically activate once idle time thresholds are exceeded
3. Always have the latest app and anti-malware program updates installed
Apps are never released perfect. These always have bugs in the form of functionality issues and cybersecurity vulnerabilities. To address these, developers send out security patches, which end users must then promptly apply to become secure as soon as possible.
As for anti-malware programs, there are free versions that are sufficient for securing non-critical data and processes, whereas paid subscriptions come with extra features such as better support, app blacklists, message monitoring, and call logs for noting suspicious communications.
4. Enforce regular device backups
If company files are stored on mobile devices, you run the risk of losing the former when the latter are lost or stolen. For your peace of mind, implement backup protocols so that you can retrieve data when you have to.
5. Implement strong password policies
We’ve written at length about how you can improve data security by following strong password practices — and these are very much applicable to mobile device users as well. You’ll also want to explore using password managers — these are great on desktops, and now apps are available for mobile devices as well.
Adapt or let your business be left behind. Take advantage of mobile technologies while minimizing risks by consulting Xbase. Our Exponentially Better™ IT services are certain to bolster productivity, cost-effectiveness, and data security.