When we discuss the security of your systems and data, a lot of our attention is focused on traditional hardware and software. However, more business is being conducted using smartphones. So an important question arises — does your smartphone get the same level of security attention as other tools?
In reality, your smartphone could easily be the weakest link in your firm’s security protection plan, especially if it contains private client information or access to business apps and credentials that are not properly protected. Here is a list of ideas and best practices that can help your firm better protect your smartphones.
Do you allow your associates to BYOD — “bring your own device” — for meeting mobile technology needs? It is okay if you do, but you need a list of the systems employees are allowed to access using their smartphones.
Security recommendations and best practices can sometimes be specific to the type of smartphone and operating system (Apple/iOS, Samsung/Android, etc.) your employees use. Create a security requirements checklist for each type of smartphone used by your employees, starting with how to create a passcode. You might also identify individual users and the applications they are allowed to access using personal devices.
Some employees might feel this is a little intrusive, but you really have no choice if a smartphone is used for business and personal needs. It is not only good business, but clients and regulators expect you to take such precautions.
One of the critical security features of a smartphone is the ability to remotely locate the device when it is lost or stolen — and, in the worst-case scenario, to remotely wipe the device of all data and content. This feature should be automatically activated when you purchase the smartphone, as well as when linking it to your web-based account with the device manufacturer. Double-check and make sure the “locate device” feature is turned on.
Take a moment and understand how these features work with your specific smartphone. You don’t want to be racing to learn how to use the feature after someone else already has possession of your phone.
If a smartphone is going to be used for any business purposes, do not let the user “jailbreak” or “root” the device. Jailbreaking or rooting essentially means removing the software restrictions on the smartphone. It is a trick often used by people who want to download apps that are not offered on the regular app stores. To be blunt, there is no business reason to jailbreak your smartphone, and it is certainly not worth the added security risks.
Our smartphones are constantly looking for open Wi-Fi networks. Depending on where you use your smartphone, you might consider removing saved “known networks” so that the device does not connect automatically without showing a notification message. It is important to know whether you are using a Wi-Fi network or your mobile provider network for transmitting data.
Recently, there have been a number of reports of fraudsters trying to port (move) someone’s phone number to a new smartphone. Essentially, they call your mobile provider hoping they can convince the customer service representative that they own the phone number and have just purchased a new smartphone for activation. Once the fraudster controls your phone number, they can do a lot more damage. For example, think about the text messages you may receive for dual-factor authentication: those codes would now be delivered to the fraudster’s phone.
To protect against this threat, make sure that your mobile provider requires a password for any changes to your account, and pick a password that is not referenced in any of your social media posts. That is where the fraudsters will look to guess your password.
Your smartphone is arguably the most powerful, efficient and flexible technology device that you own. Therefore, it is worth your attention to make sure it is as secure as possible.