The movement for BYOD, and the flexibility being afforded to workers to use mobile devices of their own choosing, can be freeing for some. For others, such as the cybersecurity conscious, it can be a bit of a nightmare of all new mobile device risks to deal with.
Common precautions that were once on every device in your network may not be taken anymore. Here are a few rules you should institute for BYOD devices so that you can minimise the risks associated with allowing mobile devices into your workflow.
Most passwords are awful
This has been discussed nearly endlessly on security blogs the world over, and it will be until ‘password’ is no longer the default password used by so many people. And no, ‘123456’ isn’t any better!
The problem with mobile devices and BYOD is that emails can be easily hacked when poor password choices are made. A strong password policy must be encouraged, as well as two-factor authentication. It will come down to you educating your employees, and giving them the tools to make these passwords. My go to tool is LastPass.
Bad app downloads and rooted phones
We all love free apps, but some of them aren’t so free – and I don’t mean that freemium game you downloaded! There are an increasing number of apps out there, even those on the Google Play and Apple App store, which are only built to be malicious.
Making sure that your employees are taking the time to research apps is your best approach. Send out notices for apps that have been found to be harmful in email blasts, and start getting your team security conscious that way.
Rooting a phone is another common problem. Yes, it makes your phone easier to work with when it comes to apps and switching networks. But it also makes it easier for hackers to work with too. A policy against rooted phones connecting to your network is an essential step to take to protect your company.
Mobile devices that are too old for updates
I’m not saying that you have to go out and buy a new mobile device every release, but mobile devices that are too old for new security updates are a threat to your company. Those updates are not there for fun – a vast majority of them are working to prevent new threats that are emerging every day.
If anyone working with you is using an old laptop still running Windows XP, it’s time to talk to them about upgrading their OS. Remember that this is for the benefit of your company – spend a few dollars if you have to.
Poor data storage
Storing your data in a secure manner is vital. There are a few ways to go about this:
- Store your data on a device which does not connect to the Internet. For those who have mobile devices which do, you may want to restrict access to data centres and have dedicated workstations which don’t connect to the Internet.
- Store your data offsite. The best way that I have found to store data offsite is by using a cloud provider. An extra layer of protection can be had by using VyprVPN’s data storage and encryption feature. This will encrypt your connection to the Internet, eliminating man in the middle attacks, and keep your data encrypted while it is being stored. Give mobile device using employees access to it when they have to store data and you’ll be much more secure.
Either way, this is going to help minimise attack points for hackers, and keep your most valuable data secure. The last thing you want to do is just leave important data on mobile devices, or even on fixed workstations.
Not using screen locks
This is one of the easiest mobile device risks to avoid as most devices comes with this feature installed. Your company needs a screen lock policy to protect mobile devices that people think are safe while they walk away to the bathroom. Yes, 99% of the time you have great security around your office, but this is about mobile devices that could end up anywhere.
A good policy will apply to all phones and tablets, but it can apply just as readily to the desktop workstations you have in your office all the time. This can help prevent thieves from going into company data centers, and can prevent your employee’s child from tweeting out nonsense over the company Twitter account!
Your mobile device risks going forward
There is no real way for me, or anyone else, to predict exactly what the next hacker attack will be. There is still no excuse for not getting the basics above right, and minimizing your risk. Hacking is all about having a number of vulnerable attack points to target. The steps above will help minimize those attack points and keep you safer no matter what type of attack is dreamed up next.
Feature image via LeoWolfert / Shutterstock