We hear about it so frequently that we hardly pay attention anymore: Some company somewhere experiences a security breach that costs a boatload of money to remedy. In fact, according to a 2018 study by the Ponemon Institute, the average cost of a data breach climbed to $3.86 million. And despite the cost of cleaning up the resulting mess, some companies’ brands never recover.
So what do you do? You get good security protection for your company computers. You hire an IT expert to check everything out and give you a thumbs-up. You analyze your business phone options and choose one that provides solid security. But is that enough?
According to ZDNet’s report on Verizon’s Mobile Security Index for 2019, businesses of all sizes have – in general – failed to take appropriate action to head off their number one security concern – mobile devices. As companies and individuals have shifted toward increasing reliance on mobile technology, rather than desktop devices, security measures have not kept up. In fact, Verizon’s results indicate that the majority of companies are at serious risk of attacks on mobile devices and that roughly half of companies surveyed have prioritized profit and speed of operations over mobile security.
Now, your business phone service is hard at work developing, updating, and maintaining security features for your phone service. Odds are, your desk phones are pretty darn secure. But anytime you or your employees are accessing business data on devices that connect to the internet – whether it’s a desktop or laptop computer or a smartphone – you’re taking security risks, potentially big ones. Because mobile devices are the biggest security concern for most companies, let’s explore strategies your company should employ to make your business communications and data more secure.
Update your software
It’s a simple measure, but it’s one many individuals and companies neglect. Keeping all your software and apps updated means you get the most current security protection. Failing to update software leaves you vulnerable to known risks. Make sure that every device used for business is updated as often as necessary. Don’t just assume that your employees keep up with updates. If you don’t prioritize security, nobody else will either.
Avoid public wi-fi
You wouldn’t take out a billboard ad that reveals proprietary or sensitive information about your company. When you or your employees use public wi-fi for business matters, you’re potentially exposing sensitive data to hackers who can mine your mobile device for valuable information that can put your company at risk.
It’s vital that companies establish policies for the use of mobile devices for business, and it’s critical that every employee understand these policies. One employee working over lunch in Panera or Starbucks can put an entire company in jeopardy. Make sure you and your employees are careful about how and when they access the internet for business. A VPN or even your mobile phone’s 3G or 4G service is far more secure than public wi-fi. Employees may have the purest of intentions, but unwittingly exposing company data can still cause huge headaches. Be clear and consistent about how company data should be safeguarded.
Establish role-based access
Access to information is typically limited to employees whose roles demand it. That’s simply common sense. After all, you don’t have your HR records sitting out in plain view, either literally or figuratively. Take this same approach and apply it to electronic access as well.
It’s common practice – for good reason – to maintain certain information on the cloud, allowing employees who need to collaborate or access data remotely to work from anywhere. But the information readily available on the cloud should be limited to what’s necessary. Unless the head of HR needs to be able to work from home, for example, there’s no reason to establish remote access to HR data. Limiting the information that’s available via mobile devices minimizes the damage a hacker can do to your company.
Additionally, requiring employees to log in to access information reduces the risk of unauthorized access from lost or stolen devices. Requiring login after idle time is a good practice as well, for devices both in and out of the office. The idea is to refrain from simply offering up sensitive data to anyone who might happen to look for it. Access should be role-based, and it should require authentication.
Practice good password hygiene
Like the advice to update your software, this strategy may seem obvious…but it’s one that too few companies adhere to. In fact, a 2017 Verizon Data Breach Investigations Report found that weak or stolen passwords were to blame for more than 80% of hacking related breaches.
Yes, it’s a pain to have to remember the scores of passwords we all need on a daily basis, and hackers thrive on laziness. Despite the inconvenience, it’s positively negligent for companies to fail to require employees to have strong passwords that are changed frequently. Every device, every app, every way that your employees access your company’s data needs to be properly password protected. Using one of the many password managers is the easiest and most secure way to help employees cope with the potential difficulties of requiring strong passwords.
Your business phone service is a vital link to the world, and your phone provider invests heavily in providing secure communications. Mobile devices complicate our security scenario, though, and it’s critical that we employ basic strategies to keep vital company data secure.