Top tips for protecting business data on mobile devices
Wed, 1st Feb 2012
FYI, this story is more than a year old
Businesses have an obligation to take reasonable security measures to ensure the integrity of sensitive private data – no matter where it may be stored or how it may be accessed. Symantec offers some advice to help IT execs on top of security issues. Establish policies for BYO devices. If employees are able to use their own devices to access the organisation's network, then your organisation needs policies around which devices and what information they can access. Procedures for loss or theft of devices should also be in place. Policies must be communicated to all employees.
- Encryption is a great tool for protecting data on mobile devices. Utilise it to secure data such as contact names and numbers as well as emails and email attachments. Email encryption should happen automatically on a mobile device for instant protection of sensitive information over all the networks it may cross.
- Mobile devices should have mobile-specific security software that includes firewall and antivirus. Protection should span the variety of attack vectors that can impact mobile devices such as MMS, infrared, Bluetooth and email.
- Educate employees on the importance of protecting their devices. Most best practices are common sense: Don't leave your mobile device lying around for others to pick up or keep it in your sight at all times. Forgetting a mobile device on a bus or train could have damaging consequences for a business.
- Take an information-centric approach to IT security. This means focus on managing the data from the data center to the endpoint (be it smartphone, laptop, tablet, USB or some other device) and from the desktop to the cloud.
- User authentication is important. Make sure users have password protection on their devices so that it can only be accessed by a legitimate user.
- Users should be aware of their surroundings when accessing sensitive information. Because mobile devices are portable, they get used everywhere. When viewing sensitive or confidential data, be cautious of who might be looking over your shoulder.
- Don't allow jailbroken or rooted devices to be brought into the organisation. Tampering with the operating system makes the devices more susceptible to mobile threats.
- Take inventory. You can't protect or manage what you can't see. You must take inventory of the devices in your organisation to gain visibility across multiple networks and into the cloud. After taking stock, implement continuous security practices, such as scanning for the latest security software, operating system patches and hardware information, such as model and serial number.
- Stay flexible. Threats that target mobile devices are the same for small businesses and enterprises. As businesses grow, they require security management technology that is automated, policy-based and scalable so that the infrastructure can accommodate new mobile platforms and services as they are introduced