People spend more than three-fifths of their time - mostly at work - on mobile devices. Unfortunately, we still have an issue with behavior when it comes to mobile security. Employees often disregard best practices, raising the odds they will make mistakes that jeopardize valuable data belonging to the organization or its customers. As the Harvard Business Review cautions, if mobile security isn’t yet a problem for your company, it will be.
The CEO’s Guide to Data Security report from AT&T examines how companies can help reduce the main threats. Let’s take a look at what it suggests.
Stay away from unsecured Wi-Fi networks
Connecting over unsecured Wi-Fi networks at coffee shops, restaurants, airports, and other public locales is never a good idea. It may be convenient, but employees who connect over unsecured Wi-Fi to conduct business from their mobile devices risk getting scammed. Rogue Wi-Fi access points mimic the characteristics of trusted networks and spoof encryption security certificate credentials. That makes it easy for bad actors to intercept, change, or steal data and passwords. So-called man-in-the-middle attacks can snatch data — including email and app content — sent over an unsecured site. The solution is simple: Just say no. Use virtual private networks (VPNs) or known secure Wi-Fi sites instead.
Avoid phony app stores
Employees may find it hard to resist downloading apps from untrusted sources. But a safer behavior needs to get drilled into their daily routines until it becomes second nature. Companies should encourage employees to only download software from mainstream app stores that have rigorous review processes and security checks. In addition to monitoring the app profiles of corporate-owned and bring-your-own devices, organizations should draw up whitelists of approved mobile apps for employees.
Otherwise, users run the risk of downloading mobile apps that are veritable ticking digital time bombs. Repackaged to appear authentic, these apps are loaded with malware that cybercriminals will exploit to open the padlocks guarding corporate data. Case in point: In the fall of 2016, more than 1 million Google accounts were compromised by malware that allowed attackers to access data from the mobile device owner's Google-related accounts without even having to enter a password.
Strong PINs and passwords
It’s up to employees to take more responsibility and avoid choosing easy passwords and PINs. While long, complex passwords require more effort and time for a hacker to crack, most people still use the same password for everything. At the same time, organizations should rethink whether to force employees to change their device passwords every few months, a practice that researchers say is counterproductive. Users who know they will have to change their password on a regular basis actually fail to choose strong passwords and have been found more likely to write their passwords down.
Encryption and two-factor authentication
Enterprises should configure all mobile devices with strong encryption. In case a phone or laptop gets lost or stolen, outsiders won’t be able to read sensitive or confidential business information stored on the devices. Companies can gain an extra measure of security beyond a username and a password by requiring two-factor authentication for any device that has access to the organization’s data. This also helps resolve some of the issues associated with password protection, such as the use of easy-to-guess passwords or excessive use of the same password.
Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.