Many employees use a smartphone as a tool for conducting of their business activities; phone calls, email, accessing websites and web apps, connecting to cloud data and more. Smartphones are a target for cyber criminals to gain access to your corporate network or to confidential information, just like your computer. Below are 10 smartphone security measures to help keep your organization and your employees protected:
- Ensure access to all smartphones requires a fingerprint, facial recognition, or a PIN code.
- Set the phone to lock the screen after 5 minutes of inactivity.
- The smartphone operating system should be a currently supported one. This ensures it will still get security updates as they are released, keeping it less vulnerable to attack.
- If using Outlook for business email, require that the Outlook for mobile app be installed on all business-use smartphones. This allows corporate email and data to be separated from personal email and data. If the smartphone is lost or stolen, corporate data can be remotely wiped to prevent potential access to sensitive information. Likewise, if someone is leaving your employ, their corporate data can be wiped without touching their personal data.
- Advise all employees to only download apps from either the Apple Store or the Google store. Apps from other sources could be hiding malware. If the device is corporate owned, you may also have a limited list of allowed apps.
- Implement a written Mobile Device Policy including addressing corporate-owned versus employee-owned devices. Detail what the device can and cannot be used for. What happens to smartphone data if an employee is leaving or has lost their phone? You don’t want to find yourself in hot water if, for instance, you wipe an employee’s smartphone, including all their personal information and photos.
- In the event you need to wipe data from a smartphone, ensure that data also exists elsewhere (such as in the Microsoft 365 cloud) or is backed up in some manner.
- Be careful what you allow your installed apps to have access to. Do you want a particular app to know your location or to have access to your camera or your contacts? You can add or remove permission from any app that has asked for access to data. Instructions to do so for iPhone users can be found here and for Android users here.
- Browse only on protected Wi-Fi networks, which are those that require you to enter a password to connect. Public networks are unsafe for confidential personal or corporate data.
- Avoid clicking on ad banners displayed on your smartphone as they could be malicious. Either delete them or wait to view them on your computer so you preview the URLs they point to and better determine their legitimacy.
BSC Solutions Group can assist with your organization’s Smartphone security and the development of a Mobile Device Policy document. We can also help with other important IT Security-related policy documents that all organizations should have in place: Acceptable Use, Backup & Disaster Recovery Plan, Incident Response Plan, Password Policy etc. Reach out to us today for more information.
