A majority of IT firms today allow Bring your own device (BYOD) due to the consumerization of IT in the modern workplace. That the mobile phone has become a can’t-do-without in today’s life is a reality that cannot be ignored. When employees are given the choice of using their own consumer-based devices in the workplace, it is imperative to counter theft and move towards ensuring security and control. Recent surveys underscore the seriousness of the problem data pointing out that four out of 10 businesses being affected by a security breach.
Well, Mobile security actually begins with protecting the actual mobile device. Today, a plethora of apps exist to prevent data theft on case a mobile has been stolen. It is also possible to track down the device with iPhone’s having special apps to track them. But what do businesses actually do when faced with security issues?
- Maintain and control security settings in one central location. It is important to never rely on devices that allow the user to make security decisions. It would also help if organizations require enforceable access control on all mobile devices i.e. users should not be able to disable the access control that IT has put in place.
- Always use two-step authentication for devices and apps where possible. This makes it necessary to provide both a password and additional information such as a code sent to an email address in case the device is lost or stolen.
- Have regular Consultations with various departments such as finance, HR and legal departments about their needs. This is because your mobile device policy doesn’t affect just the IT department.
- Establishing cloud-based servers or URL filters for websites that are either blocked by the company or known to be malicious. This precaution will help to protect the endpoint by not allowing an employee to visit websites that could compromise security.
- Frame a policy for mobile devices depending on your requirements and the company’s exposure to risk. Although BYOD has now more or less become the norm, it does pose a higher risk than policies such as choose your own device (CYOD) and corporate-owned, personally enabled (COPE) which may be more appropriate.