Mobile Device Security


The methods and tactics of hackers are constantly changing, but one thing that remains the same is that those purveyors of ransomware and other malware are always looking for the weak link in your defenses. You’ve probably devoted a lot of attention to locking down your company network and devices, but what about the phones and other mobile devices used by your employees? Whether these devices are company-provided or personally owned, they’re often neglected from a cybersecurity standpoint, and that can be a very weak link indeed.

The consequences of any security breach can devastate an organization, potentially resulting in a loss of profits, data, and reputation. Consider the following precautions around mobile device use:

Train employees. As with non-mobile security protocols, user training is probably the most important step you can take. Train employees to identify the signs of a cyberattack, avoid insecure Wi-Fi networks and keep their devices’ software up to date.

Establish a virtual private network (VPN). A VPN connection disguises online data traffic and protects it from external access. Unencrypted data can be viewed by anyone with network access, but a VPN can restrict cybercriminals from deciphering data.

Install zero-trust-enabled applications. A zero-trust security model evaluates access requests based on predefined controls. Installing zero-trust-enabled applications can reduce cybersecurity risks by limiting access to only those applications that are permitted.

Turn on user authentication. User authentication on mobile devices verifies a user’s identity through one or more authentication methods, such as passwords or VPNs, to ensure secure access. For example, certain applications can be installed on mobile devices only if screen lock security, such as a PIN or facial recognition, is enabled.

Leverage bring-your-own-device (BYOD) policies. If you are going to allow or require employees to use their personal devices for work-related activities, you need a clear and complete BYOD policy in place. BYOD policies should cover topics including which devices are permitted – or not permitted – and outline security requirements such as the lock-screen requirement noted above.

Back up mobile data regularly. Regularly backing up data can help to recover it in the event a mobile device is lost, stolen or otherwise compromised. The more this process can be automated, the better. Consider also applications that can wipe company applications or data remotely in the event of a lost device.

Questions about mobile device security or other cybersecurity concerns? Contact Consolidated Insurance.