
6 Mobile Security Tips Every Employee Should Know


In most smaller companies, it’s the IT manager who keeps watch over company smartphones. If that is the case for you, keep in mind that smartphones have security risks too. Some of them can be defused via endpoint protection; however, informing employees about proper smartphone cyber hygiene is equally important.

Many businesses provide employees with company phones if they are necessary for daily work. It’s recommended to implement mobile device management (MDM) solutions on these devices so you can manage them in a centralized manner. With the help of MDM solutions, it’s possible to regulate downloads from unknown sources, prevent the use of insecure apps and ensure that devices are up to date. All of this helps your company keep control over its own data.

However, organizations sometimes approve access to company information from private devices, or employees may get access without the knowledge of the company’s IT admin. To protect your company data, it is essential to make your employees aware of smartphone security. Here is a list of basic rules that every employee should know and follow.

1. A strong password is your first line of defense

With mobile devices, this is doubly true since they are considerably more likely to get lost or stolen than your computer. And it’s not just about locking your screen but also about using passwords for apps and websites you visit on your phone. Avoid using simple combinations like 1234 and don’t recycle passwords or passcodes for multiple accounts. The least you can do is maintain unique passwords, one set for personal affairs and another for work purposes. Using a password manager and 2FA is also advised.

2. Download with care

When downloading apps to your smartphone, it’s best to stick with official app stores (Google Play or App Store) rather than downloading apps from random websites or using unverified links. Even then, you can sometimes come across fake versions of popular apps that introduce the risk of malware and other threats. That is why you should always double-check the developer’s name. Before downloading anything, do your due diligence — read ratings, reviews and don’t forget about the privacy policy either. You would be surprised how many apps store some kind of personal data.

3. Update your software regularly

Regular updates protect you from system vulnerabilities by patching security holes, which could be exploited by bad actors. In addition, updates also remove annoying bugs and can add new features. So even if you feel like your phone is constantly requesting some type of update, don’t ignore it. This applies to operating systems as well as individual apps. Every once in a while, spend some time auditing your smartphone and deleting apps you no longer use.


4. Be careful what you are connecting to

Public Wi-Fi hotspots are often unsecured, and you should always avoid them, especially when dealing with sensitive data (such as payment details) or work-related information. There is a risk of man-in-the-middle (MitM) attacks, where threat actors can intercept communications between you and the website you are visiting. Attackers can also create their own malicious Wi-Fi network (an Evil Twin attack) that pretends to be a legitimate free Wi-Fi hotspot; once you connect to this network, they get direct access to your device. To lower the risk of getting hacked, use a reputable VPN solution when connecting to public Wi-Fi hotspots.

When pairing your phone via Bluetooth with another device, always make sure you know what is on the other side. Try to keep your Wi-Fi and Bluetooth connections off whenever you are not using them.

5. Don’t fall for social engineering techniques

Phishing scams aren’t tied to desktops and laptops; you may also open a malicious email on your smartphone while you are on the go. As a user, you are typically more vulnerable when you are under pressure or in a hurry, say, when you need to quickly reply to one last email before you hop on a plane to take a vacation.

As a result, people using smartphones pay less attention to links and attachments. On desktops, you can hover the mouse over a link to see the real URL. It’s possible to see link previews on smartphones as well, by tapping and holding a finger on the link, but most people probably won’t do that.


Get yourself acquainted with the most frequent types of social engineering to make sure you are ready to spot them before they cause any harm.

6. Use security software

You probably wouldn’t use a computer without a security solution, so don’t make this mistake with your smartphone or tablet. Proper security software shields you from malicious apps, trojans, or spyware. Some software even includes the option to wipe your device remotely in case it gets lost or stolen.
