While the number of smartphones in the U.S. is still relatively small (17%), smartphones are expected to catch up with the number of feature phones in the next couple of years. Apps and shiny new phones get all of the attention now; however, as more and more people start to use these devices, security will become a much bigger issue, especially for enterprises.
While most companies that hand out mobile devices to employees have security measures, like data encryption and password protection in place, there are some end user habits and behaviors you can't control through an IT policy.
Here are some tips that will help keep your end users more secure while using their personal or corporate mobile device.
1. Don't store sensitive personal or corporate data on your mobile device.
This may sound obvious, although most people don't realize what kind of data is actually stored to their device, especially if that device connects to the Internet. If your phone is lost, stolen, or compromised via a virus or malware, you could be making any combination of the following data available:
- Internet usernames and passwords If you log into your personal email or social networking sites or your bank via your mobile browser, make sure you don't select the Remember Me option for those sites.
- Corporate documents If you receive a PowerPoint or a Word doc via email, don't download that file to your device. Depending on the documents' level of confidentiality, you could be making corporate secrets very easy to obtain.
- Your home phone number and address Many users store a contact for their Home in their phone. This would give someone access to your home phone number and other details, like address, that you may have stored.
- Embarrassing or inappropriate photos and videos Most people don't think twice about taking out their phone and snapping a photo. Just remember that any photos that you store on your mobile device could fall into the wrong hands if lost, stolen, or compromised. It could be an embarrassment for you and open up legal or PR issues for your company.
While most corporate IT policies require a password to access a mobile device, data is also stored on internal memory cards that can be quickly and easily removed.
2. Be mindful of what you download, install, or click.
Smartphones have the same risks of virus, malware, or phishing that PCs have (just not at the same volume yet). Users can use their smartphones to download and install apps, as well as browse the Web. Just like on your PC, you need to make sure you know what you're downloading or clicking on. Here are a few things to keep in mind:
- Phishing scams These scams come via email, text, or Web, so make sure you trust the source of a message or link before taking action (it's the same as you would on your PC).
- Malware If you're browsing the Web from your smartphone, you are also potentially exposed to malware.
- Malicious apps If your end users are able to install third-party apps on their mobile device, they could be compromised via malicious code that is designed to take over the handset or access files or scrape for passwords.
Fortunately, most corporate IT policies prevent users from downloading and installing apps on their smartphones.
3. Act quickly in the event of loss or theft.
If a mobile device is lost or stolen, act quickly to report it to your IT department and/or mobile provider. Password-protecting devices will help, but the best bet is to remote wipe the phone and its memory card.
Again, if you're not storing sensitive information on your memory card, it wouldn't be compromised if a thief accesses it.
None of these tips are rocket science, but I think it is important to get your end users thinking about how they are protecting their mobile devices and managing their personal and corporate information.
Tony Neate, who heads GetSafeOnline.org, suggests that we all think of our mobile device more like a wallet than a PC. I like that analogy because it articulates the financial risks (beyond just the cost of the device) that are at stake for the end user and for your enterprise.
What tips do you provide users about securing mobile data? Let us know in the discussion?
More tips on mobile security
- Five steps to protect mobile devices anywhere, anytime
- Strong password management for the mobile user
- Get increased password protection on the iPhone
- RoboForm: Strong passwords anytime, anywhere