5 Steps for Making your Mobile Devices More Secure -PhishNet

Do your employees receive work calls, texts, or emails on mobile devices? Do you have strategies in place to minimise the security gaps this can create?

As businesses, we’re online more than ever before. So are our employees. It’s a great opportunity to provide better service to customers. But there’s a dark side, too.

Blurred lines between business and personal devices have been a major factor in some of Australia’s high profile data breaches. We often relax our security protocols on personal devices for ease of use. That makes life simpler – but it can also provide attackers with access to your business data.

I’ve outlined 5 things that you can do to draw better boundaries between personal and work life – and secure your data.

1. Offering Work Devices vs Personal Devices

While it’s tempting to have employees use personal devices, fewer to carry, lower upfront costs, there are drawbacks:

Apps that can view files can potentially access secure client information.
People usually relax their guard with personal devices. They don’t use a screen lock, give it to children to play with, install games and mature content.
Social media apps make it easy to use and share content from personal devices.

To avoid these problems, issue your employees with mobile devices that are for work use only. Once staff can access your systems with your work devices, disallow access from personal devices. No checking email from your own mobile phone – use the work device. Because the devices belong to you, you can be more specific about what people can and can’t do with them.

Learning points

Provide work-specific devices to your employees.
Limit access to your business content to only those devices.
You can have more control over devices you provide to employees, compared to personal or BYOD.

2. Install endpoint security on mobile devices

We often hear that mobile devices are invulnerable to malicious software and viruses. That’s not true, though. Mobile devices are at just as much risk as desktops and laptops, if not more.

Endpoint security apps monitor devices for suspicious activity. They watch for intrusion attempts and malware activity. Use these apps to help prevent vulnerabilities being exploited. Where possible, use the same endpoint app on your staff laptops, desktops, and mobile devices. This improves usability for staff. More importantly, it’s simpler for your IT team to monitor all devices if they have a ‘single pane of glass’ dashboard rather than multiple logs to watch.

Learning points

Use the same protective apps across all devices in your organisation.
If you can’t use the same apps on every device, ensure they can all work with a single monitoring system. This lets you keep an eye on the security status across all devices.

3. Set rules for apps that can be installed

Mobile devices can do just about anything today that we can imagine. That doesn’t mean it’s always a good idea. Apps can be great tools, but even non-malicious, useful apps can open security gaps in your network. And bait apps – often packaged as games or mature entertainment – are designed to be malicious and take advantage of any security weaknesses.

To limit the dangers of mobile apps accessing your data, ensure that only approved ones can be used. Create a safe list of apps that the devices can install.

Learning points

Put together a list of approved apps that pass a security audit.
Restrict work mobile devices to this list. Users can’t install their own apps without specific permission.

4. Impose screen lock times and unlock requirements

Employees can take mobile devices with them anywhere they go. It’s handy for staying in touch; not so great from a security point of view. Extra mobility can put your data within reach of a lot of strangers. For some industries, even idle curiosity can cause a breach of confidentiality.

While you can give your team rules about always keeping their device in sight or locked up, it’s smart to be prepared for simple mistakes. People can’t always protect against devices being stolen or lost, either. Set strong automatic locking, notification, and unlock authentication to prevent unauthorised people from accessing it.

Learning points

Make sure the device locks and displays only the lock screen if it has not been used for a few minutes.
Limit what shows in the notifications on the lock screen, so that there is no sensitive or private information displayed.
Use passwords or biometric options like fingerprint or facial recognition to unlock.

5. Teach your employees how to keep their mobile devices secure

The first 4 steps can improve your organisation’s mobile device security. However, they work best when the people using the devices understand:

Why the restrictions exist.
How to use their devices safely.
What benefits mobile device security brings to you and your team.

Learning points

Teach your team to adopt good practices with high quality and engaging cyber security awareness training.

Need help?

Improving your cyber security can feel like a daunting task. Prioritising cyber security awareness training is key to effectively mitigate threats and protect your organisation.

About PhishNet

PhishNet trains people to recognise everyday scams and cyber threats through our Cyber Security Awareness Training platform. With clear measurable results, orgnaisations can meet compliance requirements and proactively reduce the risk of cyber incidents. Talk to us about how awareness training can help protect your people and business.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

5 Steps for Making your Mobile Devices More Secure

1. Offering Work Devices vs Personal Devices

Learning points

2. Install endpoint security on mobile devices

Learning points

3. Set rules for apps that can be installed

Learning points

4. Impose screen lock times and unlock requirements

Learning points

5. Teach your employees how to keep their mobile devices secure

Learning points

Need help?

Explore

Contact Us

Email

Follow Us

In the spirit of reconciliation PhishNet acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.