Large and small businesses alike need to secure their mobile devices, whether to avoid damage, protect the information they contain, or maintain the integrity of their IT network. Here are five good practices to adopt.
Physically protect your devices
Increase the lifespan of your employees’ digital devices by physically protecting them, which is particularly important for cellphones, which are more likely to be dropped due to their small size and frequent use.
In particular, you should equip your phones with protective cases, which reduce the chance of breakage if they are dropped. For even more protection, opt for a screen protector, a thin layer of glass that can be applied over the screen of the device. In case of an accident, it’s often this glass, and not the phone, that is likely to break.
Good to know
Higher quality models, sold for around $30 to $40, offer better protection against impact, but also against scratches, which is not the case for basic models, which need to be replaced frequently.
Even when well protected, phones can break. You should therefore opt for a protection plan in addition to the manufacturer’s guarantee, which also covers accidents and not just electrical or mechanical damage.
Encrypt and lock your phones
Anyone using a business mobility service must encrypt their employees’ phones and protect them with a lock code.
Good to know
Anyone using a business mobility service must encrypt their employees’ phones and protect them with a lock code.
Fortunately, encryption is now handled by default with the addition of a pin number or password, which is the case for all recent iOS and Android devices. However, this was not the case several years ago. If your employees are still using older models (before Android 10 and iOS 8), be sure to manually activate encryption in the settings (the procedure varies depending on the operating system and model). In the case of some Android phones, encryption must be activated manually. From the moment an employee uses their device’s SD card to store company documents or data, consider verifying first whether encryption needs to be activated.
Require the use of locking codes that are hard to guess (1-2-3-4 and similar easy codes should be avoided) and encourage employees to use their phones’ biometric locking features, such as digital fingerprint readers or face recognition. These technologies are safe and reduce the risk of a malicious person overseeing their locking code when it is entered.
For more complete protection, also ensure that backup copies of your phones are encrypted, which is not the default for iPhones backed up to a computer using iTunes. Copies in the cloud are encrypted for both iPhones and Android phones.
Use a VPN
Good to know
A VPN (or virtual private network) enables you to establish a secure connection between the company network and a mobile device, such as a phone, tablet, or computer.
This technology notably protects all communications effected through an open Wi-Fi network and encrypts communications when your employees are in a foreign country or working from home, for example.
But be careful—not all VPNs are the same. A VPN service for the general public will protect your data on a Wi-Fi network, but these data can be viewed by the VPN provider. To be completely safe, you should instead deploy a solution that encrypts the communications within your own company network, so that no one other than yourself or your business can access that data.
Track your devices
Apple’s Find My Phone and Google’s Find My Device allow you to locate different devices on a map, such as your phone, tablet, or wireless headphones.
Both tools also offer additional protections when enabled in smartphones. Such phones can be made to ring in order to locate them, or they can be remotely locked, made to display a message (to ask whether someone can call you at a certain number, for example), or erased in order to avoid having your confidential information wind up in the wrong hands.
However, these functionalities need to be previously activated to be usable. Such is generally the case by default upon first use of the phone, unless permission was refused by the user.
Unfortunately, you need access to your employee’s Google or Apple account to track their phone, which isn’t always possible. Instead, to track a phone and be able to erase it remotely, use an MDM (see below).
Get an MDM
Many best practices for securing devices require effort and collaboration on the part of employees. However, it’s also possible to take control of the situation by getting a Mobile Device Manager or MDM.
These tools, such as the Gesticom manager, offered by Videotron Business, facilitate the deployment and configuration of new phones, whether iPhone or Android devices. You no longer need to configure each device by hand to ensure it’s secure and to enter the identifiers to connect to your company network and install your applications. All these steps can be performed automatically with an MDM.
Automatic deployment is often the initial attraction of MDMs, especially for bigger companies, but this software also has other interesting advantages for companies of all sizes.
An MDM enables you, for example, to receive instant alerts and reports on the use of the phone. It allows you to track data consumption, roaming data, and the battery level on your employees’ phones. If necessary, an MDM can also enable the installation of applications remotely after its initial installation, or it can block applications (social networks, etc.).
For companies that want to use employees’ personal phones, an EMM (Enterprise Mobility Management) can be used to secure a portion of the personal device, where the company’s applications and documents will be stored, in addition to other options.
It’s also possible to extend the same level of control provided by MDMs and EMMs to other devices, such as computers, wearables, IoT sensors, and even vehicles, thanks to a UEM (Unified Endpoint Management).
This software offers many advantages when it comes to security. For example, it’s possible to use it to ensure a secure lock code is used for your employees’ mobile devices, and also to track phones without using third-party tools such as iCloud.
As opposed to Apple and Google services that require employee participation, you can remotely control the phone yourself, whether to uninstall your private applications, for example, or to update applications, operating systems, or security fixes, and even to reset a phone to its factory settings. Your data are at risk when a device is lost or an employee quits on bad terms. Being able to protect them yourself, without any third parties, is a basic requirement.
In short, five steps to take
- Physically protect devices provided to employees
- Encrypt and lock mobile phones
- Use a VPN to protect communications
- Track devices with a tracking system
- Get a mobile device manager (MDM)
4 April 2022, By Videotron Business