Mobile Phones: Managing the Growing Security Threat of BYOD

While waiting for his flight to arrive, your sales guy decides to check his email using his smart phone. He goes to connect to the free airport Wi-Fi and three options come up, PhilsWiFi-5, LAX Free4U Wi-Fi, LAX FREE Wi-Fi.

He chooses a connection, logs into his company’s email and unwittingly gives the cyber-criminal in the vicinity access to your company information. Unbeknownst to him, the Wi-Fi he logged onto, was a signal put out by a hacker.

Free Wi-Fi isn’t the only security issue. Skipping regularly scheduled software updates on the phone creates vulnerabilities that hackers can use to gain access to sensitive information.

Have an iPhone? It’s not uncommon for iPhone users to meddle with the operating system, (a practice called “jailbreaking”), so they can install unauthorized apps on their phone rendering it vulnerable to hackers.

Once a mobile device is compromised, and it is logged back onto your company’s network, your company becomes vulnerable to malicious virus attacks and scams that use social engineering to gain access to you confidential information.

Here are 7 things you can do to protect yourself, your employees, and your business

1. Never try to “JailBreak” an official OS. This allows unauthenticated source code onto your mobile device, creating huge security holes. This is especially true for iOS (Apple) devices. Android’s eco-system is fairly open.

2. Only install APPs from known sources or official App Marketplaces.

  • Discourage employees from using OPEN UnSecured “WiFi HotSpots” in busy public areas like airports, convention centers and busy hotel lobbies. If you are in a hotel, ask for the official hotel WiFi and only use networks that are secured.
  • If employees must use an open WiFi Hotspot, then require that they use VPN when accessing emails.

3. Enforce regular password change for all company resources - including emails.

4. Develop a mobile device policy:

  • At a minimum require employees to acknowledge the company has the right to wipe the email account settings on their phone at any time, and enforce regular password change.
  • If possible, enforce a full security policy on end-user devices. This will generally require a management platform or additional tools. Talk to us if you wish to learn more.

5. Get your employees involved. Your employees are a crucial line of defense when it comes to thwarting cyber attacks. Educate your employees about social engineering and other scams.

6. Protect your company infrastructure with a robust data protection platform that includes business continuity and a firewall with unified threat management. At Consilien, we partner with DATTO for data protection. It is by far the most comprehensive solution, providing both complete backup and business continuity.

Overall, protecting your company in the age of BYOD can be a complex topic. This is just the tip of the iceberg. If you have any questions, then please give us a holler.

Click here to take our FREE Business Continuity Assessment. You'll be glad you did.