Your Employee’s Mobile Devices are open doors to attacks. What can you do to Protect your Assets in your Employee’s Mobile Devices?
Every day after work, we aim at carefully closing the office: We check twice the windows, we religiously turn on the alarms, review that our CCTV works well and double lock doors before leaving. After performing this daily rituals, what a relief we experiment!
We go home with the feeling we have properly protected our tangible assets against trespassers, so we sleep like babies relying on the security we provide to our offices, PCs and safes… But are we devoting the same cares to our intangible assets, and really protecting them of vulnerabilities and attacks?
Unfortunately, we are not! What you value the most is probably leaking through our mobile devices… right before our eyes!
This time we explain what the main problems and solutions regarding to mobile security and how to protect your assets in your employee’s mobile devices:
Problem #1 Ignorance
Each time one of your employees uses his or her mobile devices whether from your network or only by using the company’s social medias, jeopardizes the safety of your operations. The sensitive data that make different your enterprise from others may be reachable for hackers from one single connection and from any mobile device somehow related to your company.
So, with only connecting, they are spreading your professional secrets like seeds in fertile ground. And nobody is safe: Even yourself may be helping to doing it right now, if you are reading this article from your mobile device using a public network while you take a coffee near to your office!
Solution: Instruct your employees
Believe it or not, many people still do not know security mechanisms to protect the connections from their mobile devices.
So, do not wait any longer and begin a campaign of awareness and education among your employees about the use of mobile devices and how to protect the assets when using mobile devices, so everyone there knows the real risk they are taking every time they connect.
Such campaign must also focus in protecting their mobile devices from attacks and vulnerabilities, how to keep their operating systems, antivirus and software installed on them.
Also, give to your employees the mechanisms for making security copies and backups of sensitive information they have in their mobile devices by providing them access to data services in the Cloud, and showing them how to use it. Believe it or not, much people still do not know how to use it.
Problem #2: Mobility
Yes, the main advantage of mobile devices is exactly its worst disadvantage: They can be carried everywhere, in and out our offices, they can be shared, used in public transportations, on the streets, taken to parties and trips, so it is pretty likely they can get easily lost… or stolen.
The issue goes far beyond from partners or relatives putting curious eyes on your private information: We’re talking here about strangers with the possibility of accessing to all the personal data and pre-configured connections, passwords, files and accounts loaded to mobile devices. And this easily reaches your company’s assets.
So… It is not hard to imagine the picture of an offender freely accessing to your server, downloading files from your company, snooping into your marketing plans and making electronic transfers from your payroll funds to his or her personal accounts. Pretty bad, uh?
Solution: Block them up
Locking mobile devices is no longer optional, but a demand to do to your employees to protect your assets, and a good practice for everybody. Beside, it is easy and free.
There are many ways to block mobile devices such as assigning passwords, four-digit codes, patterns or even programming them to require fingerprints to unlock your mobile. By applying this as policy, you will be a step closer to protect your assets in your employee’s mobile devices.
But go a step beyond in this practice and instruct your employees to assign strong passwords: They should not contain any personal information such as birthdays, names of close relatives or even beloved pets. It is much better to combine words in a phrase that only makes sense for the device’s owner, combining uppercase and lowercase letters, numbers and special characters.
Also, teach them to program the auto-lock to take effect five minutes after using their mobile devices, so it is not necessary to remember to lock them up again every time.
Help them to install applications to remotely locate, lock or wipe mobile devices. These programs allows to locate lost devices, to activate an audible or visual alarm on the screen and, in the worst case, to completely erase all the data stored in the device, and even make it completely useless.
Instruct them to logout after finishing every single session they have logged in from their mobile devices, and be emphatic in not allowing their devices to “remember” the data for automatically access to any accounts, servers, databases or services.
Is always preferable to make an extra effort and write them again whenever they need to login, because this guarantees better protection for your assets in your employee’s mobile devices.
Finally, configure and establish as company policy a quick expiration after accessing to your systems, so the sessions of your employees close automatically. And as extra security, make your systems to ask for changing passwords regularly.
Problem # 3 Security
We do not like to admit that we use unsafe connections to Internet, but we actually do. Nowadays, it is common to ask for the wifi key at the restaurant we frequently go, same when we visit relatives and friends. Watch out! Many of these networks are not encrypted or protected.
Now, imagine the same picture… with every one of your employees. Scary, isn’t it?
Solution: Be smart and selective
These precautions must be taught, repeated and implemented as culture charter at your work environment, and with a little help of your employees, they will integrate them for their lives outside the company:
- Avoid logging to none of your accounts when using public wifi connections as airports, libraries and train stations. Keep in mind that hackers often intercept passwords and sensitive data in such environments.
- Do not set your device for sharing internet with other people, or if you need to do so, restrict their access through username and complex password. Do not forget to turn this option off as soon as you finish.
- It is also a good practice to turn off your Bluetooth connection. Like this, you prevent that strangers or hackers send malicious files or download data from your mobile device.
Same, do not leave the protection of your assets to chance, or good will… which leads us to the next point:
Problem #4 Overconfidence (and lack of action)
When it comes to security and protection of the integrity of the company’s assets, we cannot leave exclusive control in hands of our employees. Even less when they can access from their mobile devices to confidential information and sensitive data of our Company.
Solution: Trust… in fair amounts!
Paranoia is not the best place to start any relationship… but neither total indulgence is.
As responsible for granting the success of your company, you are meant to create good work teams. But good teams cannot operate without clear objectives and rules to follow. So, balance is the best place to start and keep relationships.
In terms of security and protection of your assets, balance implies restrictions when accessing through mobile devices within your network systems.
But you need to explain to your employees why are you taking such measures in terms they can comprehend and experiment: The more they understand your concerns and solutions, the more comprehensive and committed to your objectives they will be. Two birds with one stone.
A good way to keep the balance in protecting your assets in your employee’s mobile devices, is taking out of the picture the access to social networks and IP voice services from their mobile devices through your systems.
Also, blocking websites that may be sources of malware, viruses and fraudulent applications, the capability of downloading music, movies or unofficial software for the major operating systems (iOS, Android, Microsoft, etc.).
Same, keep a constant flow of information to create collective conscience among your employees about the risks of using mobile devices and the protection of the company’s assets. Email, leaflets, posters and informal talks help to improve the security measures in your company.
Finally, we recommend you to install a software to control mobile security, which allows you to manage the access of mobile devices into your networks, ensuring protection of your assets and the security of your networks, services and data with minimal cost and effort, keeping your connections and your data corporate protected.
It is very easy to forget how vulnerable our data and assets are when using mobile devices, and even if we are aware of them, their advantages over every single aspect of life are so many that is easy to not to pay much attention to security measures.
This is the reason why we have to build a successful mobile security strategy in our company, educate our employees about their personal responsibilities to protect assets in their mobile devices, and make them aware about the best ways to keep security policies in and out the organization.
Sólo así podremos brindar a nuestros activos intangibles la misma protección y cuidado que le damos a nuestros activos tangibles, y dormir un poco más tranquilos en el conocimiento de que hacemos todo cuanto se necesita para proteger los activos… incluso en los dispositivos móviles de los empleados.
Only by taking action, you give to your intangible assets the same protection and care you give to your tangible assets, and sleep much better in the knowledge that you do everything what is needed to protect your assets … even in your employee’s mobile devices.
