How to Improve Mobile Device Security for Small Businesses

Paul Mah
Slide Show

As BYOD Grows, Uncertainty Remains Over How to Implement

I came across an article on Dark Reading that offered a number of tips for SMBs to strike a balance between BYOD and mobile security. Given the impossibility of stopping workers from bringing their smartphones and tablets to the office, there is little doubt in my mind that more needs to be done to reduce the security exposure due to mobile devices.

But while I am in full agreement on many of the excellent points, some of the suggestions may be a stretch for smaller businesses. As such, I wanted to focus on a couple of minimum safeguards that small businesses and SOHOs (small office, home office) should address in order to improve their mobile device security.

Plan for lost devices

More so than laptops, tablets and smartphones gets misplaced or stolen every day. It therefore makes sense that businesses need to factor lost devices into the equation before opening access to corporate resources such as email and databases. This includes mandating the use of device encryption, and most importantly, enabling the password lock.

The password lock is crucial because a study by Symantec found that 90 percent of smartphone finders rifle through apps and files — including sensitive information that is clearly labeled as such. And, yes, this takes place regardless of whether the devices were eventually returned.

The ability to remotely wipe stolen devices helps, too, and can set one’s mind more at ease upon receipt of a successful device wipe notification. Don’t rely exclusively on this feature, however, given that thieves (and opportunists) are generally quick to remove the SIM cards or switch off the wireless connectivity of lost or stolen mobile devices.

Isolating malware

Another source of concern is the rise of mobile malware, as well as Trojans that surreptitiously siphon off sensitive data found on a mobile device. Relying on official sources of app marketplaces helps reduce the likelihood of this happening, given the vested interest in upholding their reputation. As such, it may be necessary to enforce the use of devices that are not rooted or jailbroken; though, it has the added benefit of rendering them less vulnerable to external attacks.

In addition, the use of segmentation within the corporate network may also be necessary to defend against compromised devices. This helps prevent sophisticated malware from being used to attack computer assets from behind the corporate firewall. Depending on the infrastructure and resources available to a particular business, this may entail the use of a separate SSID and VLAN to segment devices connected using Wi-Fi.

While I consider the above the bare minimum for integrating BYOD devices into a small business, SMBs should consider the use of proper mobile device management (MDM) tools as they grow. Stay tuned as I introduce some of the most popular solutions over the next few weeks.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Nov 16, 2012 4:36 PM Ian Lyons Ian Lyons  says:
Both of your points are extremely valid, but I was wondering: have you seen any trend towards limiting the number of endpoints/devices that individual employees are allowed to bring? Smartphones, tablets, and laptops all seem to be growing in numbers. Reply
Nov 19, 2012 10:14 AM Swarna Swarna  says:
Paul, these are spot on. Regarding lost or stolen devices, in addition to having the ability to remotely lock or wipe a device an even simpler step that all SMBs should be taking is to have a clearly communicated policy that all devices connecting to company resources must be password protected. No exceptions. It is such a simple thing, but it can buy a company time in between when the device is lost and when it gets reported lost by the employee. That reminds me of one more super easy things SMBs should be doing: make it a requirement that all lost or stolen devices are reported to management immediately. Swarna Podila Symantec Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.