In most smaller companies, it’s the IT manager who is responsible for keeping company smartphones secured. While some security risks can be mitigated by endpoint protection, informing your employees about proper smartphone cyber hygiene is equally important.
Many businesses provide employees with company phones if they're necessary for daily work. It's wise to implement mobile device management (MDM) solutions on these devices so you can manage them in a centralized manner. With the help of MDM solutions, it's possible to regulate downloads from unknown sources, prevent the use of insecure apps and ensure that devices are kept up to date. All of these help your company control access to your data.
However, sometimes organizations approve access to company information from private devices, or employees get access without the knowledge of the company's IT admin. To protect your company data, it is essential to make your employees aware of smartphone security. Here is a list of basic rules that every employee should know and follow.
1. A strong password is your first line of defense
With mobile devices, this is doubly true since they are considerably more likely to get lost or stolen than your computer. And it’s not just about locking your screen but also about using passwords for apps and websites you visit via your phone. Avoid using simple combinations like 1234 and don’t recycle passwords or passcodes for multiple accounts. The least you can do is maintain unique passwords, one set for personal affairs and another for work purposes. Using a password manager and 2FA is also advised.
2. Download with care
3. Update your software regularly
Regular updates protect you from system vulnerabilities by patching security holes, which could be exploited by bad actors. In addition, updates also remove annoying bugs and can add new features. So even if you feel like your phone is constantly requesting some type of update, don’t ignore it. This applies to operating systems as well as individual apps. Every once in a while, spend some time auditing your smartphone and deleting apps you no longer use.
4. Be careful what you are connecting to
Public Wi-Fi hotspots are often unsecured, and you should always avoid them, especially when dealing with sensitive data (such as payment details) or work-related information. There is a risk of man-in-the-middle (MitM) attacks, where threat actors can intercept communications between you and the website you are visiting. Attackers can also create their own malicious Wi-Fi network (an Evil Twin attack) that pretends to be a legitimate free Wi-Fi hotspot; once you connect to this network, they get direct access to your device. To lower the risk of getting hacked, use a reputable VPN solution when connecting to public Wi-Fi hotspots.
When pairing your phone via Bluetooth with another device, always make sure you know what is on the other side. Try to keep your Wi-Fi and Bluetooth connections off whenever you are not using them.
5. Don’t fall for social engineering techniques
Phishing scams aren't limited to desktops and laptops. You may also open a malicious email on your smartphone while you are on the go. As a user, you are typically more vulnerable when you are under pressure or in a hurry, say, when you need to quickly reply to one last email before you hop on a plane to take a vacation.
As a result, people using smartphones often pay less attention to links and attachments. On desktops, you can hover the mouse over a link to see the real URL. On a smartphone, you can also see a preview of a link by tapping and holding a finger on it. It's well worth taking the time to do this.
6. Use security software
You probably wouldn’t use a computer without a security solution, so don’t make this mistake with your smartphone or tablet. Proper security software shields you from malicious apps, trojans, and spyware. Some software even includes the option to wipe your device remotely in case it gets lost or stolen.