Letting employees work from their personal smartphone or tablet is not only convenient for you, it’s just a fact of life.
Companies that try to restrict or limit BYOD or “bring your own device” for their employees often only serve to frustrate and hinder employees’ productivity. Ultimately, these devices are part of how we live and how we work today. It is virtually impossible to prohibit personal devices from accessing or containing critical company data – files, emails, etc.
In facing this reality, every company needs to put clear policies in place to require that necessary precautions are taken. Employers must also help employees apply those precautions appropriately by ensuring they can load and use antivirus protection correctly and use settings on the device to protect the information it contains. To ensure employees follow specified policies and adhere to established best practices, BYOD/security and policy training is critical. To be effective, training must be ongoing and the key principles or expectations of the company must become part of the repetitive dialog employees hear.
Like all of our monthly Security Tips, January’s tip is designed to help you communicate BYOD security best practices to employees and, by sharing these tips on a regular basis, you are reinforcing the expectations and helping them protect their own data as well as the company.
Use a Passcode
First, encourage (if possible require) employees to protect their device with a passcode to restrict access. Some users may still balk at taking this extra step. But, if you make this a requirement, you really will be doing them a favor. A lost or stolen phone that is not (at least) protected by a passcode on the lock screen can be a nightmare for them and, if it can be used to access your email system or company data, a potential problem for your company as well.
Keep Apps Up to Date
Some apps seem to update constantly. Whether these are minor tweaks developers are making or real, necessary fixes for functionality or security is hard to tell. People often become oblivious to updates thinking they are probably minor and not important. But updates often contain critical fixes to security gaps that have been identified. You usually would not know about these fixes without checking for updates. It is important to correct such issues as soon as they are identified, even for apps that are used infrequently.
Disable WiFi and Bluetooth
Tooling around town with WiFi enabled or a lingering Bluetooth connection turned on can open a mobile device up to hackers who frequent coffee shops and public networks just to sit and wait for whatever unsecured system may come within range. Some employees may need to be shown how to turn these features off and on quickly. Most or all probably need reminders to do it.
Only Connect To Trusted Private Networks
It is important to disable WiFi when you are in public to avoid connecting accidentally to an unprotected network. It is just as important to be cautious of connecting on purpose. Studies have revealed widespread weaknesses in public WiFi networks. It is possible to work (or just browse) securely from the coffee shop but employees must be made aware of what to watch for and how to avoid the dangers.
Employ Mobile Antivirus Software
Andreas Marx of the German security research institute, AV-Test, was quoted in 2012 by DigitalTrends.com as saying “If you only install software from trustworthy market places and do not use your smartphone very often for web surfing or e-mailing, the OS is still pretty safe.” But chances are, going into 2015, that most of your employees are browsing and emailing more than ever from their mobile devices. And they are inevitably seeing phishing emails, pharming pages, and other dangerous but innocent-looking traps. Cybercriminals are becoming increasingly sophisticated. While some will still argue that the average user does not need antivirus software on their devices, no one can argue that it is detrimental.
Download a Lost Phone Recovery App
Apple’s “Find my iPhone” feature and Google’s Device Manager can be lifesavers; if your phone or device has ever gone missing, you know. But when you turn to Find my iPhone and you don’t hear the alarm, then what? If there is a chance that the device has found it’s way to the hands of a hacker or fraudster, having the ability to wipe the data on the phone can save the user from untold headaches. If your employees are carrying around devices that have access or contain your company’s sensitive information, you may want to create a policy to require them to have such an app installed or even to require them to allow you to install (and access) a data/device wipe tool on their BYOD devices.
January Security Tip:
We prepare reusable monthly security tips like this to help you make employees aware of common security threats and the easy steps they can take to avoid most of them. Feel free to share this latest security tip with your colleagues. To be sure that you don’t miss next month’s tip, click here to join our email list.