Top tips for BYOD security

Lax mobile security strategies can be a death sentence for small to medium businesses. Here are three practical steps to building a rock-solid defence.

To call mobility the latest hot business technology trend is probably an understatement. In reality, the gravitation towards using mobile devices, such as smartphones and tablets, represents a transformation of business technology priorities rather than simply a trend. Current and future generations entering the workforce will wonder how business was ever done without these devices. This transformation is not only taking place in large enterprises with the capital to invest in cutting edge technologies and IT strategies, but SMBs are also jumping head first into mobility.

A key driver behind SMBs fully-fledged interest in business mobility is the “bring your own device,” or BYOD, concept.  Many SMBs do not have the resources to supply employees with the latest mobile technologies, yet they still want to partake of the benefits of an always-connected workforce. With BYOD, employees use their own personal mobile devices for work. Thus, it’s a win-win, right?

The fact is that as more and more SMBs implement BYOD and leverage mobility in their business strategies, the risks are sometimes overlooked. After all, SMBs often already have their hands full with managing the demands of their traditional IT infrastructure and endpoints. Add mobility to the mix and often overtaxed IT staff become spread even thinner.

Not only are the risks surrounding mobility and BYOD sometimes underestimated, but these lapses result in real losses for many SMBs. In fact, Symantec’s recent State of Mobility Survey found that the average losses associated with mobility that SMBs incurred during 2011 was $126,000.

Symantec recently hosted a Twitter chat to discuss SMB mobility, specifically the mobile security issues on the minds of SMB executives and IT staff. A few of the key themes were the dangers of using public Wi-Fi hotspots, mobile malware trends and dealing with device loss or theft.

What was most apparent was that many SMBs are all ears when it comes to what practical steps they can take to better secure their mobile workforces. With that in mind, here are a few best practices that all SMBs should keep in mind:

Take Stock: Know which employees are using mobile devices to connect to business resources. The fact of the matter is you cannot protect or manage mobile devices you don’t know about.

Secure: After taking stock, make sure that employees are following a few simple guidelines when it comes to their devices if being used for work:

  • Mobile devices connecting to company resources should have mobile security software installed and have their encryption features activated.
  • No “jailbroken” or “rooted” devices allowed! Such devices have security holes that leave them vulnerable to attack.
  • All mobile devices should be password protected, no exceptions.
  • Lost or stolen devices should be immediately reported.
  • Avoid opening unexpected texts messages and emails from unknown senders on business-connected devices. Just like with PCs, malware can infect mobile devices through such messages.
  • Be aware of surroundings when accessing sensitive information. Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulder.
  • Only use app marketplaces hosted by well-known, legitimate vendors for downloading and installing apps. Mobile malware authors often use unregulated, third-party app stores to peddle malware.

Manage: Using mobile device management (MDM) and mobile application management (MAM) tools is a relatively simple step to help SMBs maintain an inventory of the devices connecting to company resources and also make sure employees are adhering to the above policies. Reputable MDM tools also enable SMBs to make sure mobile devices, both personally-owned and company-owned, are wiped of company information if an employee leaves the company or a device is lost or stolen.

Many SMBs are struggling to find the proper balance between enabling mobility and maintaining a secure IT infrastructure. These simple steps – taking stock of mobile devices, securing with proper tools and policies and managing through software – are relatively simple ways to strike that balance.

Adrian Covich is the manager of systems engineering at Symantec.cloud

Related Articles