As Curtis, our VP of network operations, wrote in this previous post, bring-your-own-device (BYOD) policies are fast becoming the norm in the corporate world. The trend – also known as the consumerization of IT – is being driven by two factors: the enormous popularity of web-enabled mobile devices and employees’ desire to work outside the strictures of 9-5 office life.
Curtis suggested that IT professionals would do well to make peace with BYOD, since employees’ devices aren’t going anywhere. But the fact that personal iPads and Android phones are being used to access corporate apps doesn’t mean security should be allowed to fall by the wayside.
Quite the opposite, in fact: personal mobile devices may be highly insecure. With the many device models and versions available, it’s difficult to certify individual phones and tablets for security. Additionally, many consumer electronics are susceptible to malware infections. For example, the FBI just issued a warning about two especially virulent strains of Android malware.
Thus, in the modern workplace, robust mobile-device security is a necessity. How can you lock down the devices in your office? Here are our suggestions.
1. Ensure employee devices are up-to-date
While popular smartphone operating systems will typically stay up-to-date on their own, requiring employees to check manually for updates is a wise move. Wireless carriers do occasionally issue over-the-air security fixes to customers, so take pains to ensure that every device on your network is using the most recent OS available.
2. Require employees to activate lock screens
Smartphones and tablets may be set to “lock” after being left unattended for a certain period of time. Make sure the people at your office are using the “lock screen” feature on their devices – unlocked devices can be picked up and tampered with all too easily. The worst-case scenario? If a person is logged into work email when his unlocked phone gets swiped, his email and saved documents could be released into the open even before he can report the theft.
3. Report stolen or lost devices immediately
Segueing from the previous point: employees must make it a habit to report any lost phones or tablets immediately. IT can then move quickly to log the employee out of any and all app sessions and change his or her passwords. There’s little that can be done once a device is gone, but the data should be protected post haste.
It’s also smart to have a mobile device management solution in place: It can ensure the protection of secure information if devices are lost by giving IT staffers the ability to manage those devices remotely, when needed.
4. Discourage employees from downloading unsafe apps
Regardless of software platform, it’s good practice to only install apps that have been downloaded more than 1,000 times. (Any app with more than 1,000 downloads is likely legitimate.) It’s also smart to look at the reviews apps have received – doing so will both protect users from malware and ensure that there aren’t any compatibility issues with the apps they download.
5. Install security software
There are numerous security programs available for mobile devices. One excellent (and free) option is Lookout Mobile Security: it offers a find-your-device feature, online backup and (in the paid version) remote wipe capability. Kaspersky, the security-software developer, offers a well-reviewed paid alternative.
6. Limit device access to networks
If security is an absolute top priority, you may want to limit the extent to which employees’ electronics may access your office’s wireless network. With the right firewall technology, it’s possible to scan smartphone data traffic for potential threats. And of course you should implement strong security measures on the network itself, with WPA-or-better encryption and a hard-to-guess password in place.
Another good idea: a mobile device registration program that requires personal devices to be registered with IT. Such a program can help your company meet the various security compliance certifications that exist.
Do you have any additional suggestions? We’d love to hear them! And be sure to stay safe out there – the web can be a dangerous place.