
Top 15 Mobile device security best practices for businesses in 2022


Heightened mobile device security due to WFH

Mobile device security best practices have become a recurring topic as the remote mode of work has increased mobility. As WFH took over, businesses made mobile devices a part of their day-to-day operational tasks. With employees accessing the company network remotely, mostly using their mobile devices, IT administrators are tasked with implementing mobile device security best practices for businesses.

A report from Owl Labs, "State of Remote Work in 2021", reveals the following statistics based on 2050 full-time remote workers:

  • 90% of participants state that they are more productive when working remotely;
  • 74% admitted they feel that WFH is good for their mental health;
  • 84% reported that they would agree to a decrease in salary in order to work remotely.

The numbers say it all. The remote mode of work is here to stay. Businesses have the task of implementing mobile device security best practices in order to protect both their employees and their company.

To provide guidance on which mobile security best practices to keep an eye on, ASEE assembled a list including the top 15 mobile device security best practices for business. Make the most out of your security policies, and make sure to communicate the following mobile security best practices to all of your company's stakeholders.

TOP 15 mobile device security best practices for businesses to keep in mind

Mobile device security best practices for businesses are actionable guidelines on how to protect sensitive data contained on mobile devices. The following mobile security best practices are applicable to both personal use and business environments.  

To achieve a layered approach, enhance the security of mobile devices by utilizing the following mobile security best practices.

1. Implement user authentication

Lost or stolen mobile devices pose a great risk for companies. Because mobile phones come without an authentication method set by default, most users overlook the setup. Smartphones offer three ways of user authentication:

  • Passwords
  • PINs
  • Biometrics (fingerprint or face recognition)

Furthermore, implemented passwords or biometrics should be followed up with continuous employee education regarding the importance of user authentication. When applicable, take a step further and introduce 2FA - an added layer of security packaged in the form of a second authentication factor.

2. Regularly update your mobile devices and apps

Each new OS or application update might contain security patches that resolve known vulnerabilities. Since many of these updates don't happen automatically, they require a manual approach. Overlooking the update of your OS or applications on the device puts the data stored on your devices at risk. Make sure to turn on automatic updates and manually check if your OS and installed applications are up to date.

3. Avoid public Wi-Fi

Free public Wi-Fi comes in handy in case of a bad network connection. However, think twice before hitting connect in your local cafe. Even a novice hacker can easily set up a fake Wi-Fi (network spoofing) or intercept the data flowing through a public network. Personal and confidential information going from one device to another can be altered or eavesdropped on. Public Wi-Fi networks should therefore be avoided if possible. When there are no other options, connecting to your company's VPN strengthens the security measures.

4. Introduce Password Managers

No matter how many times your company advised you not to keep your passwords on sticky notes, you'll always find a Karen with a pink post-it on her laptop saying "Karenlovescats1967". The same goes for your desktop and mobile notes. Don't store your user credentials in unprotected apps. Use a password manager instead. It's basically a book of all of your passwords, stored in a single location, protected by a "master" password. It also allows you to generate secure passwords and save yourself from choosing "password123" as your weapon of choice. To truly implement mobile security best practices, pair your password manager with an MFA app.

5. Remote lock and data wipe policy

In every BYOD (Bring Your Own Device) agreement, include a remote lock and data wipe policy. This allows the company to delete all of the data on the mobile device remotely or simply lock the device in case it is lost or stolen. Things get uncomfortable because you're giving the company permission to delete all of the data stored on the device, including your personal files. However, a mobile device in the wrong hands could end up being used to target both the company and the individual who lost the phone. In such a case, the decision between losing personal data and compromising confidential data seems like an easy one.

6. Utilize Mobile Device Management (MDM) and Mobile Application Management (MAM)

Mobile security is one of the main concerns in the IT world today. The main question when it comes to mobile security best practices is as follows: how do we secure the data stored on a remote server from potential security risks? The answer to that question lies in Mobile Device Management (MDM) and Mobile Application Management (MAM).

Mobile Device Management enables monitoring, management, and configuration of the devices your employees use remotely: laptops, mobile devices, and tablets. Mobile Application Management enables monitoring, management, and configuration of the apps on the aforementioned personal devices.

By combining the two security solutions, you're mitigating the risk of a potential data breach by protecting both devices and applications your employees use on a daily basis. 

7. Don't forget the backup

In case your mobile device is lost or stolen, you'll want a way to access the potentially compromised data. To make things easier for yourself, choose a cloud solution that performs backup automatically. This is how you'll make sure that the retrieved data is as up-to-date as possible. Keep in mind that remote backups are vulnerable to potential attacks. To eliminate such risks, implement appropriate encryption practices.

8. Utilize encryption

Encrypt the data stored on and flowing in and out of your mobile device. A VPN is a good solution for this case. Also, avoid submitting and transferring personal and sensitive information while connected to public Wi-Fi. The threats present include poor end-to-end encryption, Man-in-the-Middle attacks, altering the data in transit, eavesdropping, etc.

9. Disable features when not necessary

Bluetooth and Wi-Fi, if enabled, are an entry point for a bad actor. To mitigate the risk of an attack, disable both features when not in use. This way, you're limiting your exposure and minimizing the landscape on which the hacker can operate.

10. Beware of phishing scams

Phishing scams come in the form of an email or an instant message containing a malicious link or attachment. The malicious contents of the email usually skim the data stored on the mobile device and deliver it into the hands of the attackers. What happens next is up to them. Consequences range from publishing the data on the dark web to incoming account takeover attacks and ransom requests; the list is pretty long. The content of a phishing email is usually an offer that is too good to be true or an urgent matter requesting user credentials or confidential data. If the unsuspecting user acts according to the instructions, the chances of a security breach are pretty high. Approach such messages with caution and think critically when deciding on your next move.

11. Be mindful of granting permissions

We're all used to granting permission to certain apps upon installing them on our mobile devices. We simply don't put much thought into it. Permissions usually include gaining access to the contacts list, gallery, camera, and authentication methods such as fingerprint or face ID. However, granting permission to access your camera for a Sudoku app doesn't sound legit. Required permissions should be backed up by the functionality of the app itself. Next time you install an app, ask yourself the following: what's the least amount of privilege the app should have for it to perform the functions I'm downloading it for?

12. Block untrustworthy mobile apps

Among the common mobile security best practices is the advice to download mobile apps only from the official app marketplaces: Google Play Store for Android and App Store for iOS. Enterprise mobility management solutions enable your company to select apps it finds untrustworthy. This way, the company is eliminating the possibility of an attack by blocking mobile applications that contain known flaws and are a potential threat to the organization.

13. Implement authentication and access management

To make sure that the person accessing an intranet service is who they claim they are, set up Multi-Factor Authentication. By implementing MFA, you are layering an added security measure by prompting the user to submit two out of three authentication elements:

  • Possession (the mobile device)
  • Knowledge (A password, PIN, OTP...)
  • Inherence (fingerprint, face ID)

Access management helps IT admins assign an appropriate role with an appropriate authentication security level to a particular employee. Also, based on the risk conditions and the device's trust, access management enables parameter customization, which decides whether to request MFA or not.
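The decision described above, written out as an added example (not ASEE's product logic): each role carries a minimum authentication level, and the device's trust and the risk conditions of the request decide whether to allow, request MFA, or deny. The role names, signal weights and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumption: minimum authentication level per role (1 = single factor, 2 = MFA).
ROLE_MIN_LEVEL = {"employee": 1, "finance": 2, "it_admin": 2}

MFA_THRESHOLD = 2    # assumed risk score at which MFA is requested
DENY_THRESHOLD = 5   # assumed risk score at which access is refused


@dataclass
class AccessRequest:
    role: str
    device_managed: bool   # device trust: enrolled in MDM
    os_up_to_date: bool    # device trust: current security patches
    network: str           # "corporate_vpn", "home" or "public_wifi"
    new_location: bool     # risk condition: location not seen before


def risk_score(request):
    """Add up the risk signals of one request."""
    score = 0
    if not request.device_managed:
        score += 2
    if not request.os_up_to_date:
        score += 1
    if request.network == "public_wifi":
        score += 2
    elif request.network != "corporate_vpn":
        score += 1
    if request.new_location:
        score += 1
    return score


def decide(request):
    """Return "allow", "require_mfa" or "deny" for one access request."""
    min_level = ROLE_MIN_LEVEL.get(request.role)
    if min_level is None:
        return "deny"                      # unknown role: fail closed
    score = risk_score(request)
    if score >= DENY_THRESHOLD:
        return "deny"
    if min_level >= 2 or score >= MFA_THRESHOLD:
        return "require_mfa"
    return "allow"


if __name__ == "__main__":
    cafe = AccessRequest("employee", True, True, "public_wifi", False)
    print(decide(cafe))
```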

14. Monitor and prevent mobile application threats

In case your company uses its own internal mobile applications for business operations, consider implementing a mobile application security solution. App Protector by ASEE is a mobile application security component designed to monitor, detect and protect the application from mobile security threats. It is based on the Runtime Application Self Protection mechanism, enabling threat responses in real-time. If interested, check out our recent article.

15. Clearly communicate mobile device security best practices and their importance

Regardless of whether you're a small business or an enterprise, mobile device security best practices should be clearly communicated and security policies set up by the IT staff. Educating all of the company's stakeholders about threats and best practices to mitigate mobile device security risks is vital.
