As smartphones gain capabilities, mobile workers increasingly use them to manipulate or view data from within the firewall, bringing about greater work productivity. As a result, SMBs are more at risk of data loss due to misplaced or stolen mobile devices.
So how can small and medium-sized businesses mitigate or reduce these risks? Security vendor Symantec sent me a list of tips SMBs can use to better protect business information on mobile devices. I highlighted a trio of the most relevant suggestions below, and added my own thoughts to them.
Symantec: The information stored on a company's mobile devices is an SMB's most important asset. Encrypting this data is a must. If the device is lost and the SIM card is stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
Mah: I completely agree that encryption of on-board data should be mandatory, not just a "good to have" idea. Of course, the ability to implement encryption depends upon whether the platforms support it. Notably, the iPhone doesn't support on-board encryption, which makes it fairly easy for criminals to extricate confidential data once they have the smartphone. Care also should be taken to encrypt the contents of any removable media card.
Symantec: SMBs must treat mobile devices just like they would a PC, and keep security software up to date. This will protect the device from new variants of malware and viruses that threaten an SMB's critical information.
Mah: This tip sounds a little too much like a cookie-cutter response to me: "Please purchase and run security software on all your computing platforms." Personally, I think it's more important to keep the software patched and updated to the latest version. Obviously, taking care not to run unidentified software will go a long way toward protecting you from malware and viruses. While I'm not yet convinced about the need to run security software on mobile devices, it could become a must-do practice in the future.
Symantec: In addition to encryption and security updates, it is important to enforce password management for managers and employees. Maintaining strong passwords will help protect the data stored in the phone if a device is lost or hacked.
Mah: My advice would be not to store confidential data on mobile devices at all. Beyond that, security administrators and IT managers must recognize that a device without a password is not protected at all, even with device encryption in place. Unfortunately, ensuring mandatory password controls is not as simple as it looks, since users find them a hassle and might seek to disable them on the sly. Mobile devices such as the BlackBerry smartphone have controls to let administrators configure such settings into the device profile as mandatory; platforms without similar provisions will just have to conduct regular checks.
Hopefully, the above tips will help you protect your SMB against data breaches originating from smartphones. Feel free to suggest other ways to protect mobile devices.