After the phone hacking scandal was exposed in the UK recently, the question on every phone user’s mind is this: Is my phone being hacked? It has been proven once again that a little negligence on the part of the user can make data vulnerable to attacks. Thus, the security of smartphones and other mobile devices should be a priority for all individual users and enterprises.
This is not the first time that a smartphone or mobile device has been hacked. Stories of smartphone data theft, loss of sensitive social security information or credit card data stored on USB drives have been in the news for some time. There are a host of mobile apps that are available for users to download and install, and some of them can be malicious. Even public Wi-Fi hotspots serve as ideal gateways for malware and cybercriminals. The threats are further multiplied when the smartphone owners use their devices for managing both personal and corporate information. So, what happens if such a mobile device or smartphone falls into the wrong hands? Ouch! It’s a situation that any organization hates to be in.
As an IT administrator, how can you ensure that a lost or stolen mobile device that stores critical and confidential corporate information does not dent the company’s reputation? Is there a way you can manage and control devices containing sensitive client and corporate data? Can businesses deploy any security measures to protect their smartphone data?
Yes, you can completely control the situation if you are well prepared and have the device management basics and security practices defined.
- Maintain visibility of assets on campus: First and foremost, as an IT administrator it is very important that you know about all devices, both employee owned and corporate owned, within the corporate walls. Since an employee can own more than one device, it is important that you know about them all.
- Define, at a minimum, separate mobile security policies for:
  - Enforcing complex passwords and changing the default password
  - Ensuring encryption of essential and sensitive data
  - Enforcing remediation and auto-quarantine actions to prevent unauthorized access
  - Identifying jailbroken or rooted devices
  - Locking or wiping devices remotely in the event of unauthorized access
  - Tracking lost, stolen or damaged devices
  - Restricting the use of certain applications
- Monitor the applications used by your employees. Since mobile device data security is no longer restricted to emails, it is important that an IT administrator has visibility into and control over applications used by their employees. If an unwanted, risky or malicious application is identified, the IT administrator should blacklist the application to keep the device in a secured and compliant state.
In today’s smartphone era, I believe both enterprises and users share equal responsibilities to keep their devices secured. Some important practices that a smartphone owner can follow are:
- If you are not using your voicemail service, turn it off.
- Change your PIN or password often.
- Avoid using important dates in your life as your PIN, e.g., your birthday or anniversary.
- Don’t keep simple passwords like 1234, 6789, 5683 (LOVE), 5555, 1111, 0000, etc.
- Turn off Wi-Fi and Bluetooth when not using them.
- Install third-party applications to encrypt your confidential and sensitive information.
- Don’t click on untrusted links in your emails or text messages. They may point to malware or a Trojan.
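
The PIN advice in the list above can be checked automatically when a user sets or changes a PIN. The following is an added example, not code from the original article: it flags the weak PINs the list names by rule (repeated digits, sequences, keypad words, dates) rather than by a fixed list. The function names and the small word list are assumptions made for illustration.

```python
import re

# Phone keypad letter-to-digit mapping, used to catch PINs that spell a word.
KEYPAD = {c: d for d, letters in {
    "2": "abc", "3": "def", "4": "ghi", "5": "jkl",
    "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}.items() for c in letters}

# Constructed sample word list (an assumption); a real policy would use a larger one.
COMMON_WORDS = ["love", "hate", "pass", "home", "baby"]
WORD_PINS = {"".join(KEYPAD[c] for c in w): w for w in COMMON_WORDS}

# 29 days allowed for February so leap-day birthdays are still caught.
DAYS_IN_MONTH = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]


def _valid_day_month(month, day):
    return 1 <= month <= 12 and 1 <= day <= DAYS_IN_MONTH[month - 1]


def pin_weaknesses(pin):
    """Return the reasons a numeric PIN is weak (empty list = none found)."""
    if not re.fullmatch(r"[0-9]{4,}", pin):
        return ["not a numeric PIN of at least 4 digits"]
    reasons = []
    digits = [int(c) for c in pin]
    # Difference between neighbouring digits, modulo 10 so 8901 counts as a run.
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps == {0}:
        reasons.append("repeated digit")
    elif steps in ({1}, {9}):
        reasons.append("sequential digits")
    if pin in WORD_PINS:
        reasons.append("spells '%s' on the keypad" % WORD_PINS[pin])
    if len(pin) == 4:
        a, b = int(pin[:2]), int(pin[2:])
        if _valid_day_month(a, b) or _valid_day_month(b, a):
            reasons.append("looks like a day/month date")
        if 1900 <= int(pin) <= 2099:
            reasons.append("looks like a year")
    return reasons


if __name__ == "__main__":
    # The weak PINs named in the list above, plus constructed samples.
    for sample in ["1234", "6789", "5683", "5555", "1111", "0000", "2512", "7392"]:
        print(sample, pin_weaknesses(sample) or "no weakness found")
```

An empty result only means none of these rules matched; it does not make a four-digit PIN strong on its own.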
Are there any other smartphone security concerns that your organization has? Please share with us in the comment section or send us an email.