By Jason Hoenich on Feb 26, 2019
Creating a culture of security at your company is about more than just dishing out training; you have to make sure your data protection efforts hit all areas of your employees’ lives—and that includes mobile devices.
According to the Pew Research Center, 95 percent of Americans own a cell phone, and 77 percent of them own a smartphone. You’ve got to give your workers the knowledge and tools they need to practice healthy, secure mobile habits to ensure their information—and yours—stays safe.
Here are six steps that can help your employees rock data protection on their mobile devices.
1. Prime them on protecting passwords.
This one is basic, but a lot of people haven’t adopted this safe mobile security habit yet: Password protect all mobile devices! Or, better yet, encourage your workers to use Touch ID or face recognition to protect their phones.
2. Coach them on turning off lock screen notifications.
Yes, they might be convenient, but if your workers are getting notifications on their lock screens, they’re inviting prying eyes into their private and business worlds. Also, if the lock screen settings are set to let employees respond to texts even when the screen is locked, encourage workers to disable this feature.
Why? Imagine someone steals Melanie in marketing’s iPhone and her partner sends her a text, not knowing that the device has been nabbed. If the “respond on lock screen” feature is enabled, the criminal with Melanie’s phone can easily ask for the unlock code, posing as Melanie. Suddenly, the criminal has access to everything Melanie’s phone has to offer—from pictures of her dog Mr. Muffin to the schematics for your new product release coming up next month.
3. Offer tools to keep photos and files private.
You know the story: While out at the club, a trendy actor or model forgets her phone at the bar or in a bathroom, and photos get leaked to the press. But is that what really happened? Photos are most often leaked because celebrities get hit with a phishing email and don’t have two-factor authentication turned on.
But in your reality? You’ve got to worry it’s your employees, and they face these same risks.
And if they’ve downloaded company files or images, they could be putting your company at risk. Encourage employees to use a cloud-based photo vault app with two-factor authentication to store sensitive images or files. Or consider setting permissions on internal apps or creating a policy that sensitive company files can live only on work devices.
4. Teach them to surf smarter.
Since the dark ages, employees have been using their mobile devices to access sites blocked by their employer, which can create a dangerous scenario if they’re hopping on and off your secure network.
Imagine an employee uses their data connection to visit a virus-filled site and then hops onto your secure business connection, bringing everything with them. This can pose a danger to your whole company, not just the employee’s mobile device (just look at this conversation, yikes).
Work with employees on best practices for the web and remind everyone of the dangers of visiting problematic sites. Also? Make it relevant from both the personal “don’t get your Facebook login stolen” perspective and the business angle (i.e., “one wrong click and you let a cybercriminal into the entire company’s private server”).
5. Train them to spot phishing emails.
Cybercriminals infect devices through phishing emails using nefarious attachments or links. Make sure employees know how to determine whether a “too good to be true” email is actually infected with malware that could be problematic for their phone and the entire company network.
If Larry in the mail room gets an email from the CEO offering him free tickets to Maui for being an amazing worker, make sure Larry has the skills to be able to spot the signs of phishing.
6. Give them a work phone.
If your company hasn’t embraced the BYOD philosophy, a choose-your-own-device (CYOD) work phone is a solid solution to data protection. This gives your company control over the hardware, operating system, carrier—the works.
This can improve IT management and data protection control, too, because employees will be responsible for having certain security-reinforcing apps on the phone at all times. It can also mean cost savings, because greater management over how your employees are accessing company files and work emails means you can build a more solid culture of security and reinforce healthy mobile security habits.
They’ll also be beholden to any internal policies for work devices. Although nothing is a cure-all to employee habits and data protection, this could get you one step closer to best practices. Just remember that most employees actually prefer using their own device, so this isn’t a cure-all.
Get started with data protection.
You can’t up and decide “no mobile devices at work or for work tasks.” Not only is it next to impossible for most people to ignore their phone long enough to inhale a sandwich for lunch, but when employees use portable devices for work tasks, it actually saves workers nearly an hour per day and increases productivity by 34 percent!
The solution to mobile data protection is to give employees the tools, education, and know-how to practice healthy security habits—and it all starts with security awareness training that doesn’t suck (hey, that’s us!).