6 Mobile Security Mistakes That Could Ruin Your Business
By Daniel Hein
The modern business has embraced the use of mobile devices and mobility solutions in the workforce. Mobile devices are more powerful than ever, and they can provide a number of benefits to the enterprise. However, with new mobile technologies come evolving mobile security threats. If your company isn’t careful with its mobile device strategy and operation, it could make devastating mobile security mistakes that will open your business devices and data to hackers and other malicious actors.
Knowing and acknowledging that you’ve made a mistake in your mobile security process is the first step — taking action to correct those mistakes comes next. How do you identify when these errors have been made? What can you do to stop their effect from damaging your business? Is there a way to avoid these mistakes before they happen? Below, we’ve compiled six of the most common mobile security mistakes that businesses make and how you can prevent them from ruining your enterprise.
One way to avoid making these mobile security mistakes is using an enterprise mobility management (EMM) solution. Our free 2019 Buyer’s Guide contains profiles on the top vendors in the mobility management field and their key features and functions. It also lists questions you should ask yourself and prospective vendors before you choose a solution.
Not locking your device screens
Locking your mobile device screens may seem like a no-brainer, but this step is often overlooked in securing devices. Even if you protect all the applications and data on a phone with access control and authentication measures, not secure the first point of access to a device is a huge mistake. This is often the first line of defense in preventing users from entering your device, so setting up a screen lock for every mobile device is vital.
Using poor passwords
Passwords are commonly used to help protect mobile devices and applications, but it’s a safe bet that most of the devices in your infrastructure have weak passwords — if they even have them at all. In order to prevent devices from being breached, passwords should be unique to each device, and users shouldn’t reuse passwords from their other devices. It’s imperative for employees to create strong passwords for devices they operate, and for businesses to enforce the use of these passwords.
Sticking with single-factor authentication
While a strong password can improve your mobile device’s security, it should not be the only protection protocol you have in place. Single-factor authentication has been the traditional method of securing devices, but the best way to prevent unauthorized access to a device is to have multiple methods of authentication in place; these methods could include passwords, biometrics, tokens, and one-time access codes. For businesses, two-factor authentication and multi-factor authentication should be employed alongside authorization and role-based access control to ensure only your employees can access sensitive business data.
Not updating your devices and apps
Every so often, your mobile devices and applications will need to be updated. It’s often a pain for employees since they lose valuable time that could be spent using the device for work; therefore, many will simply ignore updates or push them back. However, malware will often target older versions of mobile operating systems and applications because they have security flaws. Updated versions of these mobile solutions will patch out security holes, so any OS or app needs to be updated as soon as a new version is released.
Allowing devices to connect to public WiFi
Public WiFi networks might seem like a convenient way to connect your device when it’s outside of the office, but they’re often a haven for malware and hackers to jump onto devices. Employees need to take care to only connect company devices to trusted networks and to avoid public WiFi at all costs. If necessary, your company should invest in a virtual private network (VPN) or an unlimited data plan; that way, your employees will have a safer network to connect to when it can’t access the business network.
Allowing personal devices for business work without vetting them
A successful BYOD policy needs to evaluate every device that employees bring in. A device needs to be scrubbed to discover and remove any malware that’s present on the device. This is also the time for management to install any security applications and set any mandatory security protocols. In addition to setting security standards, this vetting process also allows your enterprise to verify that a device is compatible with your mobile business solutions.