Around a third of employees are now working remotely in the UK, with high numbers of remote workers likely to continue throughout 2021.What people may not be aware of is that the out-of-office environment and use of mobile devices opens businesses up to a wider range of security risks.
There are 65,000 hacking attempts aimed at small businesses in the UK every single day, so it’s no time for employees to relax their working-from-home habits. Do you know how to protect your business data from the risks of mobile working?
What are the risks of mobile working?
The weakest link in mobile security is the person using the mobile device, with 95% of cyber security breaches resulting from human error. If you don’t have a thorough company policy for mobile working, employees are likely to commit common mistakes that put your data at risk. Potential problems for mobile devices in the hands of untrained personnel include:
UNSECURED ACCESS
Working from anywhere means people often connect to Wifi wherever they can find it, including places like coffee shops and transport hubs. However, public Wifi networks are easy to hack into for cyber criminals to access information and systems. They even create ‘spoof’ Wifi networks for people to connect to without realising they aren’t legitimate. Even when working from home, individual Wifi systems might not be securely protected.
DATA BACKUPS
When employees spend a lot of time working alone on individual devices, they might save documents onto the device’s hard drive and unknowingly create a vault of sensitive data. If the device goes missing, all that data on it becomes compromised, and if they didn’t save it anywhere else then it’s lost to you.
Employers should provide cloud-based storage so all company data is available from a central system with appropriate access restrictions. It’s even better to enable automatic saving and back ups so nothing important gets lost.
UNAUTHORISED APPS
Sometimes known as ‘shadow IT’, employees can install and use applications on their devices that haven’t been approved by the company. If an app’s security levels haven’t been checked, employees could be giving anyone access to enterprise information without realising.
Using unapproved third-party storage solutions, such as Dropbox, can also lead to data leaks if companies don’t check up on where staff are saving documents. Businesses need to enforce a usage policy and monitor employee devices to prevent their misuse.
POOR PASSWORD PROTECTION
Many people will revert to using a repetitive number or something simple like a birthday as their device passcode, just because it’s easier to remember. But easier to remember also means easier for thieves to crack. Whether they have a PIN, password, or unlocking pattern, people might not be aware that they’re being watched when accessing their device in public. Employees should be trained to shield their passcodes and enable biometric or two-factor authentication wherever possible.
FALLING FOR PHISHING SCAMS
Phishing scams are fraudulent messages, usually impersonating a business or person of authority, with the intention of getting the recipient to provide information or accidentally download malware.
Statistics gathered by Keepnet Labs suggest that 85% of businesses have been targeted by phishing scams, and a shocking 97% of employees are unable to identify sophisticated phishing emails.
Naively opening a scam email or clicking on a link can trigger all kinds of harmful downloads onto the device, and it can get even worse if the employee follows a link to a site and fills out a form with sensitive details. It’s crucial for companies to make sure their employees avoid these mistakes and work with your security measures to prevent data breaches.
How can businesses control their mobile data?
The added security risks created by remote working and mobile business devices can be worrying. Businesses need to get ahead of these potential issues and be proactive in enforcing security tools and practices.
CREATE COMPREHENSIVE COMPANY POLICIES
Before any employee even begins to work from a mobile device, your business should have already laid out a complete policy for acceptable usage in line with legal regulations. It should outline both allowed usage and forbidden practices, as well as consequences for breaching the policy.
Employees should have to read through and sign a copy of the policy before they start using a mobile device for work, to show they’re aware of the risks and how to stay secure.
EDUCATE EMPLOYEES IN SECURITY AWARENESS
Sometimes reading a policy document can go over some people’s heads, particularly if there’s a lot of legal jargon involved.
To make absolutely sure that employees are aware of common security risks and how to prevent them, companies should provide further training documents.These could be things like guides on recognising phishing scams or setting strong passwords, and information on how to report incidents.
INVEST IN AN ENTERPRISE MOBILITY MANAGEMENT SYSTEM
One of the easiest ways to maintain control over a complete inventory of employee devices is to implement an enterprise mobility management suite, including mobile device management.These platforms remotely manage access to encrypted data stored in a secure centralised system, automatically enforcing security protocols for all registered devices.This way, everything is monitored at all times and any problems that arise are quickly flagged and dealt with.
These systems can work with a range of devices, including personal smartphones if your company has a Bring Your Own Device policy. It may reduce security risks to issue separate business phones to employees instead, as all enterprise data is isolated and the device only allows authorised business functions.
5 ways to protect business data on mobile devices
Whether you use a device management service or stay on top of mobile security through your IT department, the following five tips are essential in keeping business data secure.
ALWAYS ENCRYPT DATA
It’s necessary to encrypt data for all ingoing and outgoing traffic to stop any unauthorised snoops from intercepting information. Whether data is in storage at rest or in transit, it needs to be completely protected. Make sure encryption is enabled on all physical devices, and support this with data encryption software as needed.
INSTALL ANTIVIRUS SECURITY SOFTWARE
Mobile devices are just small computers, and they need defending against malicious viruses like desktop PCs and laptops do. Installing antivirus software is a must to actively protect the device at all times, scanning content for threats and blocking spam. This software can prevent people from unknowingly downloading malware and send out alerts if it identifies any breaches.
USE A VPN (VIRTUAL PRIVATE NETWORK)
A VPN can encrypt data by routing traffic through it, even if the device is connected to a less secure network. If employees have to work on the move or don’t have a fixed home office, a VPN ensures that they can still securely access business data from anywhere. Some businesses might prefer to make it mandatory for workers to use a VPN when using Wifi, and ban the use of unauthorised Wifi hotspots.
ENABLE REMOTE WIPING
As a last resort, if a device is lost or stolen from an employee, you should be able to not only track it but remotely delete everything on it. Passcodes can keep data hunters at bay for a bit, but being able to wipe any valuable information from the device before they get a chance to see it eliminates that problem. Always make sure that this feature is enabled on every device and don’t hesitate to use it if the situation arises.
DELETE DATA BEFORE DEVICE DISPOSAL
There are many reasons for a company to remove a device from its inventory or redeploy it. Whether an end-of-life device is due to be destroyed or recycled, a functional device needs repairing or refurbishing, or an employee is leaving and their device has to be reconfigured, you should always completely wipe the data on it.
Deactivate access to your networks, delete the data, and restore the device to factory settings whenever you’re sending it away for repair or recycling. Even if the device stays within your enterprise while you reuse it for another employee, the original data should be wiped so the new employee can start fresh.
Does your company follow all of these security procedures?
Do your employees know how to keep their mobile devices secure?
If you still have concerns about protecting your business data, it’s not too late to follow these tips and secure your mobile devices ASAP.