Last Updated on February 23, 2017
In today’s highly connected world, it’s difficult to leave our office email and other key work applications behind. More and more of us take work wherever we go via mobile devices like smartphones and tablets. And our employers appreciate that we’re often more productive when we can access company data with our personal mobile devices. No wonder the Bring Your Own Device (BYOD) trend shows no sign of slowing.
But the downside of BYOD is increased information security risk. BYOD security must be considered because our devices and the business data saved on them—like emails, contacts, documents and call records—can easily be lost or stolen. Mobile apps with saved logins could be a direct connection to a mother lode of corporate data. Eavesdropping hackers love to snatch login credentials, credit card data and other sensitive bytes over insecure wi-fi and Bluetooth connections. Finally, mobile devices can be a vector for malware and viruses to penetrate the corporate network.
Top 7 Tips for Keeping Company Data Secure on Personal Mobile Devices
How can you, as a mobile user, reduce the risk associated with BYOD? Here are my top 7 tips for BYOD security:
1. Comply with your company’s BYOD security policy.
If your company has a BYOD policy, comply with it. It’s there to protect both your personal data and company data. Plus, if you fail to do so and end up causing a data breach, you could be looking for more than just a new phone…
2. Set up a lock screen.
I wouldn’t want to be you telling your boss how you lost your unlocked iPhone with company emails. Especially these days with biometric “fingerprint logins” being commonplace, there’s no excuse not to take this fundamental precaution.
3. Minimize your use of public wi-fi.
Practically everyone uses open/unsecured wi-fi in airports, hotels and coffee shops from time to time. But this leaves your data open to illicit access by others using the same network. As a start, disable your device’s automatic wi-fi connect features so you have a chance to evaluate where you are and what you need to transmit before connecting. If you must use open wi-fi, don’t pass sensitive data over it. If you often deal with confidential data while on the go, consider getting a mobile hotspot that runs off your wireless carrier’s network. It’s much more hygienic.
4. Block Bluetooth.
As a wireless communication protocol in its own right, Bluetooth presents enough security issues to warrant its own blog post. Briefly, you want to make sure your Bluetooth settings and linked device configurations thwart snoopers. The best approach is to turn Bluetooth off if you’re not using it. Otherwise, Bluetooth devices are very easy to “discover,” connect to and potentially hack.
5. Keep your apps clean.
All apps on mobile devices can be considered BYOD security risks to some extent. Keeping your apps up-to-date, deleting unused apps, and ensuring that sensitive data is not stored in apps are critical to maintaining security. Never download an app that isn’t from a trusted source like the Apple Store or Google Play. Likewise, don’t “stay logged in” to apps that access financial or other confidential data.
6. Encrypt your data.
Storing as little information as possible on mobile devices is the best way to ensure it doesn’t get stolen. Any data stored locally on your device should be encrypted. Encryption makes data harder to read if it is intercepted in transit, and harder to exploit on a stolen device.
7. Passwords, passwords, passwords.
Secure your apps with strong passwords. Get a password manager to make it easier to use and manage passwords. Combining password management with remote wipe/lock protection is an even better bet.
Securing mobile devices is a significant challenge, and many organizations are just starting to recognize the security risks around mobile device access to sensitive corporate data. Contact Pivot Point Security to get your BYOD security strategy off on the right foot.
For more information:
- 2 Basic Approaches to Mobile Device Management: Pick One
- A BYOD policy template, to give you a sense of what one might look like if you haven’t seen/signed one
- An overview of Intel’s highly successful BYOD policy “best practices”