Seven smartphone security tips for businesses | How to protect an enterprise mobile device fleet
Just like PCs, smartphones are susceptible to a wide variety of cyber attacks, from remote hacking to malicious advertising and corrupt apps.
Cases of mobile malware and other vicious attacks are on the rise, especially in the open source Android platform. For example, earlier this year some 10 million smartphones were infected by the HumminBad malware, according to security researchers.
With many businesses opting to provide employees with a work mobile, we take a look at how businesses can secure their mobile fleet. Here are seven ways to keep your mobile fleet secure
1. Mobile security tips: Perform an audit of existing mobile devices
Mobile audits are part of common practice in organisations that already offer a smartphone to employees. These audits will analyse the current fleet, the individual devices and their actual usage.
Performing an audit of mobile devices should offer an idea of what devices your employees are using and allow you to identify potential security weaknesses, depending on their smartphone habits.
For example, if an employee regularly travels they might connect to public Wi-Fi so will require extra security to offset a potentially 'dangerous' internet connection.
2. Mobile security tips: Invest in MDM software
With more and more businesses depending on mobile devices for collaboration and productivity, organisations should look to mobile device management (MDM) software to support their devices.
MDM tools should secure, manage, and also monitor your whole fleet of employee devices. There are tools available from IBM, MobileIron, SOTI and Microsoft that offer a virtual desktop environment, remote file protection and on-device VPN.
3. Mobile security tips: Create a code of best practice
While there are lots of device management tools and security software that aim to keep devices secure with relatively little effort, a code of best practices should be upheld to ensure the 'common sense' aspect of security isn't forgotten.
A simple document providing security 'musts' should ensure the basics of mobile security are upheld. For example, not syncing personal emails with work phones, not visiting unsafe websites or connecting the phone to unverified devices should be among each organisation's mobile best practices.
4. Mobile security tips: Limit access to non-business apps
Some employees will want to only use one phone, and will opt to integrate both work and personal applications on the one device. While this may encourage greater efficiency by having all necessary documents and apps in one place, it can leave employees more vulnerable to attacks.
Limiting employees use of non-business apps could make this risk smaller, by keeping the work mobile, strictly for work. While some MDM tools claim to be able to do this, if you choose to opt out of MDM software, this could be written into a mobile fleet best practices document.
5. Mobile security tips: Encryption
Depending on the type of smartphones used by employees, you might want to consider some level of encryption.
iPhones and Android phones will require different levels of encryption, with the release of iOS 8 in 2014, Apple began encrypting iOS devices with built-in call logs, photos, documents, apps and messages encryption.
Android devices could be seen as more vulnerable as they run an open source operating system. However in 2011, Google offered encryption at users' discretion, while later in 2014, some Android versions such as Lollipop offered encryption that was turned on by default.
6. Mobile security tips: Consider mobile antivirus
There is some debate as to whether mobile antivirus software actually works. Some argue that all smartphones should use it, while others deem it useless and advise smartphone users to rely purely on common sense to avoid having their device compromised.
Most antivirus tools claim to offer some level of data backup, remote wiping and malware protection and while these features (if they work) are better than none, most phones come with built-in antivirus and deem these features unnecessary.
Depending on the content travelling across your mobile network, you might want to try out some different antivirus apps. Opting for a paid-for antivirus application will offer the best level of protection across a number of phones, but for those on a budget there are competitive free options out there.
Although, if your employees are using iPhones, there is a smaller need for external antivirus apps as Apple offer protection built-in.
7. Mobile security tips: Choose the right type of smartphone
As previously detailed, opting for an iOS-based fleet or an Android or Windows-based fleet, will determine the level of protection you'll need to take when securing employee mobiles and alter your code of best practices.
So choosing the correct mobile phone is the first (and obviously vital) step in creating a secure and responsible mobile fleet.
Uhuru Mobile is a new ROM derived from Cyanogen that aims to make Android phones more secure
Our guide to the best MDM software
Secusmart is also behind a new voice encryption app that could help multinational, multiplatform enterprises