They come from the planet Mobile, an alien world where users don’t think or behave like traditional IT users. Their names are smartphone and tablet. And they’re multiplying. Mobile security is mandatory for LA distributors.
Trying to stem the influx of mobile devices is like shoveling water uphill. Whether you drive the influx or leave it to your employees, mobile devices will pop up in sales, marketing, warehousing, picking and packing, shipping, and accounting.
It will be your choice whether you decide to issue mobile devices to staff or if you opt for a BYOD (bring your own device policy). However, this will not change what you need to do in terms of security, only how you need to do it.
Tip 1: Know Where Mobile Security Needs to Be Applied
- Inventory all of your devices. Record relevant data such as device type and model, device ID, mobile OS version, firmware version, and device state (authorized, active, retired, unknown).
- Maintain the inventory. If you want to apply a BYOD policy, give users a way, like a web portal for instance, to register their devices properly. Regularly monitor for changes. Be strict. No registration or response to a request for update information? No service!
- Define any physical tracking required. Geolocalization lets you disable company-issued devices outside a certain perimeter, like the company premises.
Tip 2: Make Sure That Devices Run Appropriate Software
- Security software is the immediate concern. Good antivirus software exists now for common mobile operating systems. Load it onto company mobile devices. Insist on it being present and up to date on any mobile device an employee wants to connect with.
- Keep the other software up to date too, especially the operating systems. Old versions with known security holes are a hacker’s delight.
- Make sure users follow the rules: avoid downloading other apps, especially from unknown sites; do not try to switch off the anti-virus software; and tell IT immediately if any strange/forced download behavior is noticed.
Tip 3: Protect Data on Mobile Devices Against Loss or Theft
- Start with regular, tested back-up and restore processes. Mobile devices are easily lost or destroyed. ‘Tested’ means being able to reload backed up data and work normally again.
- Use data encryption. Without the encryption key, anybody finding or stealing the device will not be able to see or use the data it holds.
- Consider data tracking or an audit trail of which files are downloaded into which device. This also helps to spot if a device has been hacked and is being controlled by somebody else.
Tip 4: Use Proper Network and Connection Security
- Offer secure network connections where possible. Virtual private networks (VPNs) allow employees to securely connect to company systems through otherwise unsecured public Wi-Fi networks.
- Educate employees about the potential risk of Bluetooth and Near Field Communications (NFC) for data snooping or other attacks. Consider disabling them in company issued devices.
- Track any strange behavior, like repeated log-in attempts from a mobile device after hours for example.
Tip 5: Follow the Mobile Security Life Cycle from Start to Finish
- Educate or remind employees about information security in general and security for mobiles in particular.
- Keep mobile management and security on and up to date at all times. Enable remote wipe capability from the start for any company data held on any mobile devices.
- Use the remote-wipe facility, not just if a device is lost or stolen, but also if an employee leaves your company taking his or her mobile device that was used to connect to your systems.
What advantages or challenges has BYOD brought you as a Los Angeles distributor? Share your experience in the Comments box below.
And to follow up on the tips in this article, download your free guide, How COOs at Los Angeles Distributors and Manufacturers Get More Done: A Guide to Productivity, Data, Staffing, Delegation, and Making It Home for Dinner Most Nights.