More and more employees are using their own smartphones for work-related purposes. A recent study found that 87% of employers expect employees to access business apps for work using their personal phones. Nearly half of the employees who were asked indicated their employer required them to use their personal smartphone in the office, while 23% reported they were pressured to use their phones for work when they were outside of the office.
If an employee’s phone is lost or stolen, it can be a security nightmare for a company. If you consider that, in 2014, 2.1 million cell phones were stolen and another 3.1 million smartphones were lost, the magnitude of the problem becomes apparent. One smartphone in the wrong hands can compromise important proprietary information and provide access to company email and passwords. It is essential that mobile device security is taken seriously.
If the task of securing employees’ phones seems daunting, we offer the following tips to help your organization maximize security. Following these suggestions could mean the difference between a lost or stolen phone being a minor annoyance or exposing valuable company data.
1. Establish and Enforce a Security Policy
A security policy that sets standards for employees’ BYOD (Bring Your Own Device) usage will help keep the devices secure. This policy should address which devices can be used, as well as what type of information can be accessed and stored on them. In addition, the policy should outline mandatory security settings, including:
- Requiring all devices be protected with passwords or biometrics
- Setting devices to be wiped if too many unsuccessful entry attempts are made
- Displaying a personalized message on the lock screen with a phone number to call if the phone is lost
- Prohibiting certain apps that could represent a security threat
- Requiring encryption for removable storage cards
2. Enable Find My iPhone
If an iPhone is lost or stolen, Apple’s Find My iPhone app can help recover it. This app is helpful for any iPhone user, but it can be a particular lifesaver when the phone in question contains sensitive information. Find My iPhone allows users to locate a lost or stolen iPhone, as well as disable it or even wipe it completely without actually having the phone in hand.
When a phone goes missing, the owner can log into Find My iPhone from another phone or on iCloud. From there, the user can locate the phone on a map, put the phone into lock mode, or erase all the data on the phone. Locating the phone on the map can lead the owner to it if it was accidentally misplaced. If the iPhone has been stolen, meanwhile, the app can help law enforcement determine its whereabouts and possibly lead to the person responsible for the theft.
Lost or stolen iPhones should also be reported to the carrier, which will suspend service and possibly block the device from being used on its network.
3. Lock Down the Lock Screen
The iPhone lock screen now allows many types of user interactions while the screen is locked. This is convenient for things such as reading messages without having to unlock the phone. However, if the phone falls into the wrong hands, it can allow whoever has the phone to read and reply to messages. Fortunately, there are a few ways to prevent this from happening.
- Disable Notifications. This will prevent messages from specific apps from appearing on the lock screen.
- Disable Show Previews in Notifications. With Show Previews turned off, the lock screen will show that a message was received from a specific person, but it won’t display the message content until the iPhone is unlocked.
- Disable Reply with Message. This feature, if not disabled, allows the user to reply to a message from the lock screen without unlocking the iPhone. Disabling it will prevent someone who has the phone from responding to messages and assuming the identity of the phone’s owner. If they did so, they might be able to obtain sensitive information without even having to unlock the phone.
Other features that can be disabled from displaying on the lock screen of an iPhone include:
- Today view
- Notification center
- Home Control (allows control of home automation devices in Control Center)
- Wallet (This will disable Apple Pay.)
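Where iPhones are managed through configuration profiles, the mandatory settings from tip 1 and the lock screen restrictions above can be checked automatically. The following is an added example, not part of the original article: it audits a profile for the passcode, wipe-on-failed-attempts and lock screen settings using Apple's configuration profile payload keys. The sample profile is constructed, the threshold of 10 attempts is an assumed policy value, and `audit_profile` is a hypothetical helper name.

```python
import plistlib

MAX_WIPE_ATTEMPTS = 10  # assumed policy threshold; the article gives no number

PASSCODE = "com.apple.mobiledevice.passwordpolicy"   # Passcode payload
RESTRICT = "com.apple.applicationaccess"             # Restrictions payload

# (payload type, key, predicate the value must satisfy, finding if it does not).
# An absent key arrives as None and is treated as "not enforced", so this
# audit expects the profile to state each setting explicitly.
CHECKS = [
    (PASSCODE, "forcePIN", lambda v: v is True, "passcode not required"),
    (PASSCODE, "maxFailedAttempts",
     lambda v: type(v) is int and 2 <= v <= MAX_WIPE_ATTEMPTS,
     "wipe threshold for failed attempts not set"),
    (RESTRICT, "allowLockScreenNotificationsView", lambda v: v is False,
     "Notification Center reachable from lock screen"),
    (RESTRICT, "allowLockScreenTodayView", lambda v: v is False,
     "Today view reachable from lock screen"),
    (RESTRICT, "allowLockScreenControlCenter", lambda v: v is False,
     "Control Center reachable from lock screen"),
]

# Constructed sample: passcode is forced, but no wipe threshold is set and
# notifications and Control Center are still exposed on the lock screen.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>PayloadContent</key><array>
 <dict><key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
  <key>forcePIN</key><true/></dict>
 <dict><key>PayloadType</key><string>com.apple.applicationaccess</string>
  <key>allowLockScreenTodayView</key><false/>
  <key>allowLockScreenNotificationsView</key><true/></dict>
</array></dict></plist>"""

def audit_profile(profile_bytes):
    """Return a list of 'key: finding' strings; empty means compliant."""
    profile = plistlib.loads(profile_bytes)
    settings = {}
    for payload in profile.get("PayloadContent", []):
        # Merge payloads of the same type so split profiles are handled.
        settings.setdefault(payload.get("PayloadType"), {}).update(payload)
    return [f"{key}: {finding}"
            for ptype, key, ok, finding in CHECKS
            if not ok(settings.get(ptype, {}).get(key))]

if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE):
        print(line)
```
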
4. Back Up the Phone
Backing up phones makes it easy to restore data if the phone is lost or stolen. If you have a fleet of phones that your employees use, backing them up should be policy. If employees use their own phones for work purposes involving important information, that should be backed up, too.
There are three ways to back up an iOS device:
- iCloud: With iCloud backup, the data is backed up to Apple’s iCloud server over the internet. The advantage to this method is that the phone doesn’t need to be plugged into a computer to back it up. The disadvantage is that if someone gets into the missing phone and changes the iCloud password, the owner won’t be able to access the backup.
- iTunes: Backing up to iTunes requires a physical connection to a computer. Unlike iCloud backup, the data is stored on the computer. The advantage of this method is that the user always has access to the backup. The disadvantage is that a computer must be available in order to perform the backup.
- Hybrid: Backing up to both iCloud and iTunes combines the convenience of iCloud backup with the safety of iTunes backup.
There are four ways to back up an Android device:
- Google Sync: Similar to iCloud, this service backs up data over the cloud to Google’s server. The disadvantage to this method is that Google Sync won’t back up user-installed apps. In the event data must be restored, the apps must be re-downloaded and reinstalled.
- Manufacturer’s Apps: Phone manufacturers usually have their own backup apps. The downside to this solution is that the backup doesn’t include apps or any custom folders created by apps.
- Third-Party Apps: A number of third-party apps are available that allow users to back up their devices.
- Backing Up to a Computer: Connecting the phone to a computer via USB will allow data to be moved or copied directly onto the computer.
For security, it’s important not only that you do these things, but also that doing them is part of a formalized policy on the books. Be sure to educate your staff about cybersecurity risks. Protecting information on mobile devices is just one of many things you should be doing to protect your business’s information.
Sentek Global helps organizations keep their information secure by developing security systems based on penetration testing and through risk assessments. Contact us today to learn more about how we can help your organization keep your mobile devices — and all your other digital assets — secure.