I came across an article on Dark Reading that offered a number of tips for SMBs to strike a balance between BYOD and mobile security. Given the impossibility of stopping workers from bringing their smartphones and tablets to the office, there is little doubt in my mind that more needs to be done to reduce the security exposure due to mobile devices.
But while I am in full agreement on many of the excellent points, some of the suggestions may be a stretch for smaller businesses. As such, I wanted to focus on a couple of minimum safeguards that small businesses and SOHOs (small office, home office) should address in order to improve their mobile device security.
Plan for lost devices
More so than laptops, tablets and smartphones get misplaced or stolen every day. It therefore makes sense that businesses need to factor lost devices into the equation before opening access to corporate resources such as email and databases. This includes mandating the use of device encryption, and most importantly, enabling the password lock.
The password lock is crucial because a study by Symantec found that 90 percent of smartphone finders rifle through apps and files — including sensitive information that is clearly labeled as such. And, yes, this takes place regardless of whether the devices were eventually returned.
The ability to remotely wipe stolen devices helps, too, and can set one’s mind more at ease upon receipt of a successful device wipe notification. Don’t rely exclusively on this feature, however, given that thieves (and opportunists) are generally quick to remove the SIM cards or switch off the wireless connectivity of lost or stolen mobile devices.
Another source of concern is the rise of mobile malware, as well as Trojans that surreptitiously siphon off sensitive data found on a mobile device. Relying on official app marketplaces helps reduce the likelihood of this happening, given their operators' vested interest in upholding their reputation. As such, it may be necessary to enforce the use of devices that are not rooted or jailbroken, which has the added benefit of rendering them less vulnerable to external attacks.
In addition, the use of segmentation within the corporate network may also be necessary to defend against compromised devices. This helps prevent sophisticated malware from being used to attack computer assets from behind the corporate firewall. Depending on the infrastructure and resources available to a particular business, this may entail the use of a separate SSID and VLAN to segment devices connected using Wi-Fi.
While I consider the above the bare minimum for integrating BYOD devices into a small business, SMBs should consider the use of proper mobile device management (MDM) tools as they grow. Stay tuned as I introduce some of the most popular solutions over the next few weeks.