Mobile communication has become paramount to corporate communicators in today's workforce. Litmus reports that 53 percent of emails are opened on mobile devices. However, companies that rely heavily on mobile devices to share important or confidential information may be putting themselves at great security risk.
With your workforce increasingly using devices like smartphones and tablets to stay connected, mobile security is a critical concern. Here's a closer look at what threats companies need to be aware of and how to support secure mobile usage in the workplace.
Mobile devices and security risks
Mobile security risks can occur when users access sensitive company information on smartphones, tablets or other mobile devices. According to IDG, the costs incurred due to cybercrime and related issues are expected to reach $6 trillion annually by 2021. And, as the Harvard Business Review notes, your biggest security liability is your mobile phone. Companies face a number of potential risks, including:
- Sensitive data being compromised when a mobile device is lost or stolen
- Users failing to remove data before recycling or selling an old device
- Mixed personal and professional mobile devices containing third-party apps that create security vulnerabilities
- Mobile device hacking
- Social engineering attempts where criminals use publicly available information to impersonate a team member
- Ransomware, a kind of malware that locks up your data
Developing a mobile security blueprint
In today's landscape, it's important to be aware of evolving threats and how they can compromise internal or client data. Fortunately, there are steps you can take to help keep your data secure.
- Train employees and managers. Train your employees and management on the importance of mobile security. Employees who are aware of the threats — and what steps they can take to mitigate risk — are far less likely to engage in risky behaviors. Provide initial training and ongoing updates.
- Create mobile usage policies. What information can your team access on their mobile devices? Having a clearly defined mobile usage policy that documents best practices and provides behavioral guidelines for your company is important. It helps your team understand what's expected of them and provides a reference point when questions arise.
- Embrace device-level best practices. Does your company issue mobile devices or have a bring-your-own-device (BYOD) policy? Decide on company standards and stick to them. Good basic policies include installing virus protection and malware protection software onto devices. Endpoint management software can help your IT team wipe sensitive information from a phone in the event it's lost or stolen.
- Require two-factor authentication. Two-factor authentication adds an additional verification step, such as a code or fingerprint, to access secure accounts. While it takes a few seconds more to log in, it's time well spent as it can help prevent critical systems from being accessed by unauthorized users.
- Encrypt communications. Encryption helps keep your most important information secure. A virtual private network (VPN), for example, adds a layer of protection when sensitive data is accessed and makes it harder for hackers to break into key systems. Consider rolling out a company-level VPN for consistent cross-company protection.
- Perform regular security audits. Regular security audits should be part of your mobile security plan. Consider having your IT department run a penetration test, which can identify risky situations before they turn into real vulnerabilities.
Keeping your confidential information safe requires a clear mobile security strategy. From creating the right policies and investing in training to ensuring that you're using the latest tools, it's possible to stay connected on the go while keeping your information secure.