In most smaller companies, it's the IT manager who keeps watch over company smartphones. If that's the case for your business, keep in mind that smartphones have security risks too. Some of them can be defused via endpoint protection; however, informing employees about proper smartphone cyber hygiene is equally important.
Many businesses provide employees with company phones if they are necessary for daily work. It's recommended to implement mobile device management (MDM) solutions on these devices so you can manage them in a centralised manner. With the help of MDM solutions, it's possible to regulate downloads from unknown sources, prevent the use of non-secure apps and ensure that devices are up to date. All of this helps your company to keep control over your own data.
However, organisations sometimes approve access to company information from private devices, or employees may get access without the knowledge of the company's IT admin. To protect your company data, it is essential to make your employees aware of smartphone security. Here is a list of basic rules that every employee should know and follow.
1. A strong password is your first line of defence
With mobile devices, this is doubly true since they are considerably more likely to get lost or stolen than your computer. And it’s not just about locking your screen, but also about using passwords for apps and websites you visit on your phone. Avoid using simple combinations like 1234, and don’t recycle passwords or passcodes for multiple accounts. The least you can do is maintain unique passwords, one set for personal affairs and another for work purposes. Using a password manager and 2FA is also advised.
2. Download with care
3. Update your software regularly
Regular updates protect you from system vulnerabilities by patching security holes which could be exploited by bad actors. In addition, updates also remove annoying bugs and can add new features. So even if you feel like your phone is constantly requesting some type of update, don't ignore it. This applies to operating systems as well as individual apps. Every once in a while, spend some time auditing your smartphone and deleting apps you no longer use.
4. Be careful what you are connecting to
Public Wi-Fi hotspots are often unsecured and you should always avoid them, especially when dealing with sensitive data (such as payment details) or work-related information. There is a risk of man-in-the-middle (MitM) attacks, where threat actors can intercept communications between you and the website you are visiting. Alternatively, attackers can create their own malicious Wi-Fi network (an Evil Twin attack) that pretends to be a legitimate free Wi-Fi hotspot; once you connect to this network, they get direct access to your device. To lower the risks of getting hacked, use a reputable VPN solution when connecting to public Wi-Fi hotspots.
When pairing your phone via Bluetooth with another device, always make sure you know what is on the other side. Try to keep your Wi-Fi and Bluetooth connections off whenever you are not using them.
5. Don’t fall for social engineering techniques
Phishing scams aren't tied to desktops and laptops – you may also open a malicious email on your smartphone while you're on the go. As a user, you are typically more vulnerable when you are under pressure or in a hurry, say when you need to quickly reply to one last email before you hop on a plane and head on holiday.
Therefore, people using smartphones tend to pay less attention to links and attachments. On desktops, you can hover your mouse over a link to see the real URL. It's possible to preview links on smartphones as well, by tapping and holding a finger on the link, but most people probably won't do that.
Get yourself acquainted with the most frequent types of social engineering to make sure you are ready to spot them before they cause any harm.
6. Use security software
You probably wouldn’t use a computer without a security solution, so don’t make this mistake with your smartphone or tablet. Proper security software shields you from malicious apps, trojans or spyware. Some software even includes the option to wipe your device remotely in case it gets lost or stolen.