When we discuss the security of your systems and data, a lot of our attention is focused on traditional hardware and software. However, more business is being conducted using smartphones. So an important question arises — does your smartphone get the same level of security attention as other tools?
(Related: SEC Chief Clayton Reveals Cyber Breach in EDGAR System)
In reality, your smartphone could easily be the weakest link in your firm’s security protection plan, especially if it contains private client information or access to business apps and credentials that are not properly protected. Here is a list of ideas and best practices that can help your firm better protect your smartphones.
Do you allow your associates to BYOD — “bring your own device” — for meeting mobile technology needs? It is okay if you do, but you need a list of the systems employees are allowed to access using their smartphones.
Security recommendations and best practices can sometimes be specific to the type of smartphone and operating system (Apple/IOS, Samsung/Android, etc.) your employees use. Create a security requirements checklist for each type of smartphone used by your employees, starting with how to create a passcode. You might also identify individual users and the applications they are allowed to access using personal devices.
Some employees might feel this is a little intrusive, but you really have no choice if a smartphone is used for business and personal needs. It is not only good business, but clients and regulators expect you to take such precautions.
One of the critical security features of a smartphone is the ability to remotely locate the device when it is lost or stolen — and, in the worst-case scenario, to remotely wipe the device of all data and content. This feature should be automatically activated when you purchase the smartphone, as well as when linking it to your web-based account with the device manufacturer. Double-check and make sure the “locate device” feature is turned on.