7 Essential Tips for Business Mobile Security

A security breach is every business’ worst nightmare.

Unlike your office, where a decent lock and an effective burglar alarm can be enough of a deterrent, protecting your company’s data can be a tricky job. A security breach, whether it’s caused by a deliberate cyber-attack or accidental loss due to a user mistake, can cause serious consequences, from stolen revenue to incurring a fine due to GDPR laws.

According to the 2020 Cyber Security Breaches Survey conducted by the government, cyber attacks are becoming more evolved and frequent.

In 2020, 46% of businesses had reported having cyber security breaches or attacks within a 12-month period. Almost 20% of these businesses experienced a loss of data or money as a result of the breach or attack.

Furthermore, with a rise in the number of people working from home, this can also increase the risk of data falling victim to theft or accidental loss.

Whether your employees are in the office or working from home, it is more important than ever to ensure you are keeping your business’ information secure. At Elite, we are experts in mobile security and remote working. We’re confident in our knowledge because we implement it within our own business to allow our employees to securely work from home and we want to use this knowledge to help you. So, let’s jump into our 7 essential tips to optimise your mobile security and keep your data safe.

1) Training is Fundamental

When we think of cyber security breaches, we tend to conjure up images of an evil hacker, sitting in a darkened room, furiously tapping away to infect our devices, steal our identities or virtually burgle our bank accounts. Although, a lot of security breaches can be malicious, many times they are a result of an honest mistake. For example, a user may download an app onto a business mobile that installs malware or leaves data vulnerable to loss or theft.

The 2020 Cyber Security Breach Study found that most businesses take action, such as implementing staff training, after a security breach. Prevention is always better than cure, so providing effective training on mobile security when using devices such as laptops and phones for business and ensuring staff are clear on any policies regarding mobile devices, could help to prevent a security breach.

How to deliver Mobile Security Training

It is important that training is as comprehensive and accessible as possible. It can be delivered via educational videos, presentations, e-literature or training sessions. Data storage, device technology and the methods attackers use steal data are constantly evolving, so IT, Cyber Security and Data Protection training should be an ongoing activity, rather than something that is implemented as part of an induction and never mentioned again. Although it may seem time consuming, effective training could save you money, hassle and prevent a potential disaster – so it’s worth it!

2) Update Your Policies

A cyber attack or a loss of data may be the catalyst for a policy update, but it is more useful to use your IT and mobile security policies as a preventative measure rather than a solution. Computer security company, McAfee, recommend updating your cyber security policies and procedures at least once a year.  Keeping on top of your compliance policies regarding use of the internet, applications and mobile devices could help ensure that all users are clear on what they can and cannot do with their devices and best practices to protect company data. If your company implements a BYOD (Bring Your Own Device) programme, ensure that policies regarding this are up to date. Store the policies in a place that is easily accessible for all staff, such as a cloud service or HR/company portal.

3) Ensure security with users’ own devices and remote working

For some companies, a ‘bring your own device’ programme can be really useful. It limits cost for corporate IT and it can give employees flexibility with their working environment. Similarly, the Covid-19 Pandemic has highlighted that remote working can be beneficial for a company and its staff and more businesses will be offering greater flexibility for employees through home-working agreements and office-home hybrid working policies in the future. However, what does this mean for mobile security? Both BYOD and remote working can cause its own set of challenges when it comes to mobile security. One of the most secure ways of allowing flexibility is offering pre-secured corporate IT, such as a laptop that has been customised by an IT team to protect data.

However, this isn’t always possible, especially if you are a smaller company without a dedicated IT team or funds to offer corporate IT. This doesn’t mean you can’t offer home-working or a BYOD policy. There are steps you can take to offer flexibility, as well as protect your data.

Creating Remote Working/BYOD Policies

One factor to consider is that not all users will consent to the company having control over their device. This provides the company with less power to manage mobile devices and can increase the risk of a security breach. However, a remote working/BYOD policy can clearly outline how the company expects staff to use their personal devices for work purposes and the steps they need to take to prevent a security breach. A policy regarding BYOD or using personal devices for remote working should include:

• Clarification of both organisational and employee responsibilities regarding data protection and device management
• Clear policy goals and controls that the company will be using to achieve these goals, e.g. a degree of control over mobile devices, use of hosted desktop, consequences for not following company policies regarding data protection, mobile security, device management etc.
• Identifying tasks employees can and cannot do from their personal devices
• Outlining what services and data will be exposed to devices

Hosted Desktop

A hosted desktop is a cost-effective and efficient method for allowing users to access company data securely and allowing your business to have control over staff personal devices without being too intrusive. A hosted desktop is a cloud-hosted virtual desktop that allows users to have controlled and secure access to their work, company data, applications and programmes. It essentially allows users to take the office home with them, securely. It is a really useful investment for a company, especially with the rise in remote working as it is scalable and virtual work solutions can be attractive when recruiting new employees who are seeking a better work-life balance. Security and peace of mind for you and a satisfactory working situation for your employees – it’s a win-win!

Mobile Device Management

Mobile Device Management (MDM) allows your company to have control over a user’s device. It can be used on a variety of mobile devices such as smartphones and tablets. MDM can allow your IT team to employ strong security controls, view and manage apps and content used by the device and execute remote actions, such as wiping the device. You can use MDM to enable users to store content securely on their mobile device and enforce security policies such as multi-factor authentication, password protection and permissions/restrictions on file sharing. It can be rolled out across multiple devices that are utilising multiple mobile service providers, to control what applications, files and data your team can access whilst using their device.

Security and Best Practise Training

The more your staff know about keeping data and their device safe the better. Although we live in an age where most people have access to technology, you would be surprised to learn how many people don’t know how to keep their device and data secure. From using passwords that are easy to guess, to accessing sensitive data via public Wi-Fi, there are a lot of honest mistakes that can be made by users that could cause a security breach if effective training isn’t provided. Training and policies that outline the following can all be useful to ensure staff follow best practises for effective mobile security:

• Installing and keeping anti-virus software up to date
• Using firewalls
• Using passwords that are difficult to guess, e.g. using long phrases or sentences, including special characters and numbers, avoiding important dates such as birthdays
• Changing Wi-Fi and other important passwords regularly
• Using correct file-sharing services, such as OneDrive to share information securely
• Avoiding public Wi-Fi for business use
• Not sharing passwords with other people

4) Multi-Factor Authentication

Multi-Factor Authentication provides another layer of protection for mobile devices. It is usually accessed in the form of an app which is downloaded onto a mobile phone and allows devices to connect to your apps and programmes via ‘secure single sign on’ (SSO). This ‘sign on’ is usually in the presented in one of these forms:

• A Code that the user will need to enter into the device before accessing an application
• A push notification that they need to accept
• Using biometrics, such as their thumbprint to confirm their identity.

Multi-Factor Authentication not only provides an extra step that can prevent a cyber-attack, but if the device is lost or stolen it can prevent someone from accessing information. Multi-Factor Authentication Apps are easy to implement and some of them are free. Here are some examples of Multi-Factor Authentication Apps to get you started:

• Duo Mobile
• Google
• Authy
• Google Authenticator
• Microsoft Authenticator
• Yubico Authenticator
• Last Past Authenticator

5) App Control

Apps can be handy tools, but they can also provide many a headache. What may seem as an innocent application may cause a device to become infected with malware/viruses or leave information vulnerable to attackers. Although this can be an innocent mistake by the user, consequences to the company could be severe. Block Lists and Allow Lists can provide a degree of control over what applications and programmes users can download onto their devices. Block lists allow you or your IT team to block apps and will send a notification if a user has tried to download a block listed app.

Allow listing apps that benefit the company, such as apps that aid productivity, can be beneficial as it helps users to identify applications and programmes they should be prioritising. Block listing apps can also prevent users from downloading inappropriate applications such as games, betting and irrelevant social media. From avoiding security breaches to preventing users wasting company time on Candy Crush, Block and Allow lists are really useful tools for safe and productive mobile device usage.

6) Identify necessary permissions

You wouldn’t handover keys to your business’ premises to every employee, so why would you give them access to all of your company’s data? Very few users need access to all applications and files your company has. Customising device permissions according to role, responsibility and what the user is using the device for can prevent accidental data loss. For example, whilst your finance manager may need access to the company’s bank accounts, this permission and relevant training and policies wouldn’t be needed by the email marketer. By using this approach, relevant staff can be given training and policies that relate to the information and apps they will be handling, which will save time and prevent accidental data loss and unnecessary exposure to data. You can implement this customisation on any corporate IT that you send out to users or permissions available to them on virtual platforms, such as hosted desktops.

7) Scalable security

It is a misconception that data loss or theft is a risk for larger businesses. Security breaches can have severe implications on businesses of any size. Loss of revenue can be fatal for any business if financial data is lost or stolen. GDPR has introduced severe consequences for sensitive data that has been compromised as a result of a security breach. It is likely that you will keep some information about your customers and/or staff within your systems and the price of losing some or all of this information could land a maximum fine of £17.5 million or 4% of the business’ annual turnover in severe cases. You may not always be a small business and it is good to keep on top of your security and prepare for future changes sooner rather than later. This means your security needs to be scalable to ensure it is efficient and cost effective. Tools such as hosted desktops and mobile device management are tools that can be scaled without the need for procurement if you do not have the funds for corporate IT or you are happy for users to complete work on their personal devices.

Your data is in safe hands with Elite

At Elite, we understand the importance of mobile security for business as BYOD and Remote Working are programmes we have implemented ourselves for years. This means, we have a lot of expertise and experience that we can use to help you find the perfect security solutions for your business. From hosted desktops and cloud services to multi-factor authentication and device management, we can advise and provide everything you need to ensure your data is secure from both evil hackers in darkened rooms, users who don’t know how to create effective passwords and everything in between.

Elite Group is one of the UK’s leading unified communication providers, supplying reliable and professional IT and telecoms services to organisations seeking Remote Working Solutions, Cloud Services, and Device Management & Security.

For more information on how Elite Group can power your unified communication solutions,  call us or request a quote today.