The risks
- Physical loss or theft of mobile devices – not only necessitating replacement but potentially compromising the data on the device.
- Malware – compromising not only the device but also other devices to which it connects (including by email) and your entire IT infrastructure and the security of your business processes and transactions. This can be a result of downloading phishing emails, visiting infected websites or downloading infected apps.
- Compromised security in public places by using insecure Wi-Fi, or people looking over your / your employee’s shoulder.
- Compromised security if the device is not disposed of correctly.
These can in turn lead to other issues such as various types of fraud, identity theft, data theft, compromised employee security, loss of reputation, non-compliance with data regulations and even blackmail or being held to ransom (either corporate or individual).
Advice on use of mobile devices
- Make everyone who has the use of a company mobile device (or is authorised to use their own device) responsible for their behaviour and actions.
- Include use of mobile devices on company business, in the company handbook.
- Ensure all devices are protected with a PIN, which is difficult to work out and known only to the person responsible for the device (with the possible exception of the IT support function and the business owner).
- Ensure all devices are protected by a recognised internet security app, that they are updated when prompted and always enabled.
- Consider security software that either locates the device if lost/stolen, disables its functionality, sounds an alarm, sends you a photo of the person entering an incorrect PIN or a host of other innovative features of today’s devices.
- Ensure mobile device users are fully aware of precautions they must take to protect their devices and the information they contain, including:
- Physically protecting the device in public places
- Ensuring Wi-Fi is secure, or using a data dongle
- Being wary of ‘shoulder surfers’
- Having strict policies on safe usage – including email, internet use, social networking and apps – in order to avoid being infected by malware.