For the purposes of this post, consider a mobile team to be anyone that can do any of the following via any type of mobile device (smartphones, tablets, laptops, PDA's and so on):
- remote access your network
- view, edit & share business information
- download & upload information to the cloud - business grade or private services
By any of these means, your mobile team are essentially taking your business information outside the four walls of your office and this creates a new level of risk which you can reduce considerably if you proactively put some security measures in place.
It's important to first note the risks you face with a mobile team:
- Open to untrustworthy behaviour - once you give your team remote network access, they have the opportunity to then save local file versions on their device and do what they like with them.
- Data accuracy could be compromised - information can often be edited on a device, and if this is not syncronized with your network, there may be uncertainty as to what information is correct.
- Lost or stolen devices - business information stored on the device could be accessed and manipulated, or worse still - used for ransom.
- Lack of built in security measures - unfortunately mobile phones tend to come with little or no pre-installed security measures. Adding to that, wifi transmissions are not always encrypted, so the information you send to and from the device may not necessarily be secure.
Fortunately there are several measures you can take to ensure that you are doing your best to protect the information you are trusting your mobile team to manage:
- Implement a list of mobile security measures for you & your team to follow. This should include:
- PIN protecting the device
- Verify the authenticity of software downloads
- Whitelisting approved software applications
- Install firewalls, security updates & anti-malware software on the devices
- Enable encryption for data that's stored on the device
- Ensure the devices are security-scanned as soon as they are plugged into your network
- Remotely disable devices that are lost or stolen
- Implement a mobile security device policy, or add a mobile device section to your existing IT Security Policy. This will ensure that your team are treating mobile devices with care and it will also keep them accountable as they access & manage information securely.
- Develop a BYOD policy (or add to your IT Security Policy as well) - even if you provide business owned devices to your mobile team, there are likely other team members that use their own device from time to time for business purposes. This policy should outline the expected BYOD behaviour to ensure that team members have the best interests of your business in mind.
- Train your team on mobile device best practice behaviour. This is also a good opportunity to talk through your security policy.
- Run regular risk asssesments and audits on your mobile devices to pick up on any gaps or new risks. This will then act as a catalyst for improvements to your current security platform.
If you'd like more information on the measures you can take to ensure your mobile team is secure, call us on
02 4254 5444 or email us. We'd be happy to help.