Whether your company uses a bring-your-own-device model or provides smartphones for employee use, mobile devices bring cybersecurity risks for your business. It’s important to understand these risks and mitigate them as best you can to protect your customers, employees and company.
Why Mobile Device Cybersecurity Matters
Mobile devices offer criminals opportunities to steal information and install malware or ransomware. The consequences of the theft of employee or customer information can be extreme. Businesses can be subject to fines, lawsuits, reputation damage, loss of income, and huge expenses trying to clean up in the aftermath. While cyber insurance can help with these costs, it’s best to avoid a cyberattack in the first place.
Phones are particularly vulnerable as people use them constantly and may have their guard down when it comes to messages and apps.
Cybersecurity Threats for Mobile Devices
Phones are particularly susceptible to these common threats:
- Unsecured Wi-Fi – Open Wi-Fi networks where criminals can steal data or login information.
- Malicious Apps – Fake apps, or working apps that demand more access or permissions than they need, in order to install malware or access information.
- Phishing – Fraudulent emails, messages, or phone calls that request information or ask you to download something. They often use fear or urgency, or offer an irresistible opportunity.
As a business owner, your job is to inform employees of these risks and do your best to protect client and company data.
How to Manage Cybersecurity Risks for Mobile Devices
Here are our tips to manage your company’s mobile device cybersecurity risks:
- Inventory all devices, including year, make, model and which employee has the device.
- Develop cybersecurity training for employees that covers common cyberattacks and how to deal with them, how to create strong passwords, and how to use their mobile devices securely.
- Require refresher cybersecurity training every year.
- Ensure all mobile devices are password protected and automatically lock after 30-60 seconds without use.
- Enable automatic software updates.
- Use multifactor authentication (require facial recognition and a password, for example).
- Use a VPN on all company devices used out of the office.
- Install anti-virus/firewall or other protective software on mobile devices.
- Do not allow employees to download apps unless approved. Apps should only be downloaded from the respective app store, permission requests should be evaluated, and the privacy statement and terms and conditions should be read through to verify.
- Encourage employees to only use secure Wi-Fi.
- Require strong passwords or passphrases that include lowercase and uppercase letters, numbers, and symbols. You can use a password management app to help.
- Disable features like Bluetooth, Wi-Fi, and geolocation when not in active use.
- Back up data both to the cloud and to physical storage.
- Get a cybersecurity audit done.
- Get professional IT support if necessary.
- Protect your business from the effects of a cyberattack or data breach with cyber insurance.
If you’re interested in cyber insurance or discussing cybersecurity resources, please contact one of our brokers.