Must Have Factors of a Mobile Security Policy

Mobile devices in the workplace have generated a whole host of cybersecurity issues for companies large and small. Though small and medium-sized businesses (SMBs) may think a mobile security policy is only for larger corporations, all businesses are at risk of cyber-attacks and data breaches.

Such hacks can damage a company’s reputation by leaking confidential client information, and can accrue significant costs in lost business and legal fees. In fact, a study by the U.S. Congressional Small Business Committee revealed that 71% of cyber-attacks occurred at companies that employed fewer than 100 people.

Though many larger companies offer their employees devices in order to better control the cybersecurity issue, BYOD (bring your own device) is still a very common occurrence with employees using their own mobile devices to engage in business activities. That being said, only 39% of businesses have adopted a formal BYOD policy.

So you want to implement a mobile security policy but aren’t sure where to start? Here are some basic points you should include.

Define your stance on BYOD
If you do provide devices, make sure employees know that personal and business devices are not to be used interchangeably and that business exchanges are to be performed strictly on the company device.

Device wipe
In the event an employee’s device is lost or stolen, it’s essential to have the authority to wipe apps and information related to the business from the device. This becomes tricky when the device also includes the employee’s personal data.

Making a clear statement about this eventuality in the policy will help prevent this from being subject to negotiation in the event a device is compromised. A step-by-step procedure for reporting and logging lost or stolen devices should also be included in your policy. 

Device back-up and employee privacy
Along those same lines, your company’s back-up system should take into consideration that some personal information may be stored on your employee’s device. Making sure that only business data is kept on the backup is important for protecting your employee’s privacy. 

Prohibited and permitted apps
Don’t assume that all employees know how to behave with caution when it comes to mobile security. Consider which high-risk apps you want to prohibit employees from downloading and which ones you will permit. Providing a detailed list will be a helpful guide. 

Litigation
If you’ve provided devices to your employees, it’s important to understand that the company is then legally responsible for content accessed on that device. That means that sites that include pornography, gambling or illegal content should be explicitly banned; otherwise, the legal consequences of such content could fall on your business’s shoulders.

A written policy and employee training
A mobile device policy should not be word-of-mouth. It should be a written policy that employees sign to indicate their agreement. Employees should also receive training on how to comply with the policy and be informed of the security dangers that they are subject to.

For example, employees should learn basic skills such as how to ensure a text message isn’t fraudulent, how to set a strong password, and how to disable automatic wifi connection, among other skills.

No public wifi
It should be a general rule that employees using their devices for business should never connect to public wifi networks. Public wifi networks are unsecured, and any device activity performed while using them could be compromised.

Setting up the device to automatically deactivate wifi when not in use can prevent devices from accidentally connecting to previously-accessed public networks. 

Encryption
Data on both company and BYOD devices should be encrypted. This throws up an extra barrier in the event a device is stolen and/or hacked. Data encryption helps protect sensitive company and client information and should be included in your security policy. 

Be prepared for updates
The world of mobile is constantly evolving and your mobile security policy will have to keep up. Don’t think that the same policy you’re using this year will necessarily be as effective next year.

As new developments occur that can both improve and harm your security, it’s essential to keep up to date and to adjust company policies accordingly. 

Accountability
Once these processes are set in place, it’s essential to hold employees responsible for the security of their devices. Smart SMBs are adopting device security policies. By employing these and other security measures, you can ensure your valuable business information and that of your clients is well-protected. 
