Keeping On Top Of Mobile Device Security

2020 has been a year of change, the most notable being the work from home revolution that the COVID-19 pandemic brought about. Businesses that operated on a 9-5, 5 days a week in the office had to shift gears and consider remote work options in order to keep processes running smoothly while keeping team members safe from the threat of disease.

The prevalence of remote work also brought about new ways of working. While away from the office and in their own homes, team members naturally gravitated towards using their personal devices to access company accounts and client data.  

Here are the top risks of mobile devices to your firm, and simple solutions for mitigating them.

Convenience

The first systems to typically visit a phishing website is a mobile device (IBM)

The risk: According to a study by IBM, the first systems to typically visit a phishing website is a mobile device. Why? People are more likely to check their phones when a notification pops up, even when they’re away from their work devices. Ever since mobile devices arrived onto the scene, people are more ‘plugged in’ than ever—and this applies to your team members as well.

Mitigating the risk: As with work devices like your computer, never click on dodgy emails or download files without running them through an antivirus check yet (if you don’t have an email filter). Check out our guide to Spotting the Scam for pointers on immediately seeing red flags in a suspicious email.

BYOD (Bring Your Own Device) leading to Data Sprawl

The risk: BYOD can mean that team members’ personal devices are being used for work purposes, whether they’re secure or not. Most people don’t have stringent security measures on their phones or tablets like they do on their work PCs.

This also means that data sprawl could occur, with sensitive files and client data getting downloaded onto mobile phones and tablets. How often are these files deleted from your team members’ devices?

Mitigating the risk: Conduct an audit of the devices that team members use to access work accounts or files with, and ensure only authorised devices have access to this sensitive data.

Have a Mobile Device Security policy in place, or ask your IT provider what basic policies could be set in place (like only using devices that run on the latest OS, locking down access to specific devices, etc).

Also check out our 10 Safety Tips for Working From Home, and feel free to share this blog with your team members.

Connecting to Insecure WiFi Networks

The risk: It’s second nature for some people to connect their devices to seemingly harmless networks that offer free WiFi at coffee shops or airports. However, this is a huge risk as malicious actors can access devices this way.

Mitigating the risk: Never connect to free WiFi networks, and if using mobile devices for work purposes, use a VPN to do so or only connect to a network that your firm’s IT team have approved.

Malicious Apps

The risk: Downloading malicious apps onto personal devices leaves them open to being hacked or a virus getting into systems, thereby providing a gateway into hackers getting into any data that these personal devices have access to.

Mitigating the risk: Only download apps from official app stores (Google Play, the Apple App store, Microsoft, etc.) Even with verified apps, take care to only grant permissions like access to location, camera and contacts to those apps that absolutely require it.