There's no denying the potential for mobile devices to improve efficiencies and lower costs for workers in industries of all types. You also can't deny the potential security vulnerabilities that mobile devices present. These seven tips will help you secure your mobile environment without placing a burden on your workforce.

Information security experts are fond of the particular language they use to explore and explain the security threats that companies and organizations routinely face. One particularly interesting notion from this lexicon is that of an “attack surface,” which identifies a potential point of attack on one’s information or financial assets, intellectual property or ability to conduct business. Because any successful attack brings with it a chance of financial loss, legal or regulatory infractions, or damage to reputation, best practices for dealing with attack surfaces mean limiting exposure to unwanted or uninvited access, hardening them against attack and imposing what’s often called “defense in depth.” This requires building multiple layers of protection around valuable stuff; if one layer gets breached, the bad guys aren’t automatically handed the keys to the treasure vault.

All this makes security for mobile devices both important and vexing. The more that employees and contractors use mobile devices to access organizational systems, applications and data, the more important it is to protect such access. Furthermore, it’s essential to prevent the mobile devices that are supposed to boost productivity and add to the bottom line from opening unauthorized means of access to information and other assets; such openings turn them into a danger and a possible drain on revenue instead.

Given that mobile devices are inherently moving targets used outside the organization’s perimeter — and thus also outside its firewalls, threat management, spam and content filtering, and other tools used to keep evildoers at bay — it’s vital to apply a battery of best practices to the use of mobile devices to keep exposure to risk and loss to a minimum. As any security expert will tell you, though, there’s a fine line between enough security to keep things safe and protected and a smothering blanket of security that gets between people and the jobs they must do.

Although it’s challenging and comes with some costs, the following list of mobile security best practices can help protect mobile devices and their users from unwanted exposure or unauthorized disclosure of company or organization IP, trade secrets or competitive advantages. Some of these practices aim at securing the mobile devices themselves, while others aim to protect the data and applications with which mobile users need to interact. All will help reduce risk of loss or harm to your company or organization.

1. Mobile Devices Need Antimalware Software

A quick look at new malware threats discovered in the wild shows that mobile operating systems such as iOS and (especially) Android are increasingly becoming targets for malware, just as Windows, MacOS, and Linux have been for years. Anybody who wants to use a mobile device to access the Internet should install and update antimalware software for his or her smartphone or tablet. This goes double for anyone who wants to use such a device for work.

2. Secure Mobile Communications

Most experts recommend that all mobile device communications be encrypted as a matter of course, simply because wireless communications are so easy to intercept and snoop on. Those same experts go one step further to recommend that any communications between a mobile device and a company or cloud-based system or service require use of a VPN before access is allowed.
VPNs not only include strong encryption, they also provide opportunities for logging, management and strong authentication of users who wish to use a mobile device to access applications, services or remote desktops or systems.

3. Require Strong Authentication, Use Password Controls

Many modern mobile devices include local security options such as built-in biometrics — fingerprint scanners, facial recognition, voiceprint recognition and so forth — but even older devices will work with small, portable security tokens (or one-time passwords issued through a variety of means such as email and automated phone systems). Beyond a simple account and password, mobile devices should be used with multiple forms of authentication to make sure that possession of a mobile device doesn’t automatically grant access to important information and systems.

Likewise, users should be instructed to enable and use passwords to access their mobile devices. Companies or organizations should consider whether the danger of loss and exposure means that some number of failed login attempts should cause the device to wipe its internal storage clean. (Most modern systems include an ability to remotely wipe a smartphone or tablet, but mobile device management systems can bring that capability to older devices as well.)

4. Control Third-party Software

Companies or organizations that issue mobile devices to employees should establish policies to limit or block the use of third-party software. This is the best way to prevent possible compromise and security breaches resulting from intentional or drive-by installation of rogue software, replete with backdoors and “black gateways” to siphon information into the wrong hands.

For BYOD management, the safest course is to require such users to log into a remote virtual work environment.
Then, the only information that goes to the mobile device is the screen output from work applications and systems; data therefore doesn’t persist once the remote session ends. Since remote access invariably occurs through VPN connections, communications are secure as well — and companies can (and should) implement security policies that prevent download of files to mobile devices.

5. Create Separate, Secured Mobile Gateways

It’s important to understand what kinds of uses, systems and applications mobile users really need to access. Directing mobile traffic through special gateways with customized firewalls and security controls in place — such as protocol and content filtering and data loss prevention tools — keeps mobile workers focused on what they can and should be doing away from the office. This also adds protection to other, more valuable assets they don’t need to access on a mobile device anyway.

6. Choose (or Require) Secure Mobile Devices, Help Users Lock Them Down

Mobile devices should be configured to avoid unsecured wireless networks, and Bluetooth should be hidden from discovery. In fact, when not in active use for headsets and headphones, Bluetooth should be disabled altogether. Prepare a recommended configuration for personal mobile devices used for work — and implement such configurations before the intended users get to work on their devices.

7. Perform Regular Mobile Security Audits, Penetration Testing

At least once a year, companies and organizations should hire a reputable security testing firm to audit their mobile security and conduct penetration testing on the mobile devices they use. Such firms can also help with remediation and mitigation of any issues they discover, as will sometimes be the case. Hire the pros to do unto your mobile devices what the bad guys will try to do unto you sooner or later, though, and you’ll be able to protect yourself from the kinds of threats they can present.
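
The device and access controls in tips 1, 2, 3, 4 and 6 can be combined into a single admission decision at the mobile gateway described in tip 5. The sketch below is an added example, not code from the article; the `Posture` fields, the two thresholds and the decision labels are assumptions made for illustration, and the sample devices are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Thresholds are assumptions; the article names the controls but sets no numbers.
MAX_SIGNATURE_AGE_DAYS = 7
MAX_FAILURES_BEFORE_WIPE = 10

@dataclass
class Posture:
    """Hypothetical per-request device report, e.g. as exported by an MDM."""
    owner: str                            # "company" or "byod"
    antimalware_age_days: Optional[int]   # None = not installed
    passcode_enabled: bool
    wipe_after_failures: Optional[int]    # None = wipe-on-failure disabled
    bluetooth_discoverable: bool
    auto_join_open_wifi: bool
    via_vpn: bool
    mfa_passed: bool
    unapproved_apps: List[str] = field(default_factory=list)

def evaluate(p: Posture) -> Tuple[str, List[str]]:
    """Return (decision, failed controls) for one access request."""
    failed = []
    age = p.antimalware_age_days
    if age is None or age > MAX_SIGNATURE_AGE_DAYS:
        failed.append("tip1:antimalware")
    if not p.via_vpn:
        failed.append("tip2:vpn")
    if not p.mfa_passed:
        failed.append("tip3:mfa")
    if not p.passcode_enabled:
        failed.append("tip3:passcode")
    wipe = p.wipe_after_failures
    if wipe is None or wipe > MAX_FAILURES_BEFORE_WIPE:
        failed.append("tip3:wipe")
    # Tip 4: app restrictions are enforceable only on company-issued devices.
    if p.owner == "company" and p.unapproved_apps:
        failed.append("tip4:third-party-apps")
    if p.bluetooth_discoverable or p.auto_join_open_wifi:
        failed.append("tip6:radio-config")
    if failed:
        return "deny", failed
    # Tip 4: BYOD gets screen output from a remote workspace, never local data.
    return ("remote-workspace-only" if p.owner == "byod" else "direct"), failed

# Constructed sample requests, not real device data.
ISSUED = Posture("company", 1, True, 10, False, False, True, True)
BYOD = Posture("byod", 2, True, 8, False, False, True, True, ["game.apk"])
STALE = Posture("company", None, True, 10, False, False, False, True)

if __name__ == "__main__":
    for name, p in (("issued", ISSUED), ("byod", BYOD), ("stale", STALE)):
        print(name, *evaluate(p))
```

Logging the list of failed controls alongside each decision also gives the yearly audit in tip 7 a record of which baseline items are missed most often.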

Security, Mobile or Otherwise, Is a State of Mind

While mobile security may have its own special issues and challenges, it’s all part of the security infrastructure you must put in place to protect your employees, your assets and, ultimately, your reputation and business mission. When you take appropriate steps to safeguard against loss and mitigate risks, your employees and contractors will be able to take advantage of the incredible benefits that mobile devices can bring to the workplace. Just remember the old adage about an ounce of prevention. That way, you’re not saddled with costs or slapped with legal liabilities or penalties for failing to exercise proper prudence, compliance and best practices.