Don’t have an IT team in your small business? Still concerned about security? Well, that’s a good attitude to have. Just because you’re small doesn’t mean you’re not a target, and it’s worthwhile to take these ten simple steps to help keep mobile devices running smoothly and safely.
Theft is the Biggest Risk
Phishing, malicious websites, social engineering: all aim to steal your usernames and passwords, opening you and your company up to a wide variety of problems. Since anyone can be fooled, the best strategy is to make sure that a stolen password doesn’t offer the keys to the kingdom.
Tip 1: Use different passwords for every application or system. This way, if one password is compromised, it doesn’t get the attacker any further traction.
Tip 2: Keep track of all those passwords with a password manager, preferably one that synchronizes automatically to keep your smartphone, laptop and desktop all updated.
*Bonus Tip: don’t worry about changing those passwords, and don’t make them super-hard to type. Length is the most important thing. Let your password manager suggest something long and secure (10-12 characters are good).
Tip 3: If you can turn on two-factor authentication, especially for any financial services, now is the time. Even the simplest type of two-factor authentication, such as requiring a special code sent to your smartphone as a second password, is so much better than normal usernames and passwords and is well worth the effort. Turn on two-factor everywhere it is supported — it makes stealing your passwords much more difficult for the bad guys.
Patch, Patch, Patch and Update
There’s always a new security alert, but don’t forget that there are decades of old security alerts out there, too. Most people don’t get cracked by the newest thing — they’re compromised by something months or even years old, because they’re not running the current software.
Tip 4: If you have just one smartphone, enable automatic software updates both for the operating system and applications.
Simplify Smartphone Security with Mobile Device Management
Tip 5: If you have more than one phone in your company to worry about, sign up for a cloud-based mobile device management (MDM) small business security solution (Samsung Knox Manage is a good example), and use that to enable firmware and application auto-updating. If it seems like there are too many updates, you may have too many applications loaded. Don’t forget that each one is a potential security risk. Paring down your loaded applications will speed your device, reduce updating complexity and increase overall security.
Mobile device management is a great way to make sure that all smartphones have the same configuration for the most important security-related settings. If you’re using Microsoft Office 365, you actually get a very basic MDM tool for free, automatically installed and running on every mobile device that connects to your Office 365 account.
Lock Your Phone and Wipe It When You Have To
Tip 6: Smartphones are easily lost or stolen. Since most people leave their email and social networking logged in all the time on their phone, a passcode or PIN to unlock the phone is a must. Longer is better than shorter, but most people will only tolerate four to six numbers.
Tip 7: Use biometrics if you can. Most newer smartphones have biometric unlock features, such as using fingerprint, iris or face recognition to unlock the phone. These aren’t perfect, but they can speed up the unlock process. They also reduce the chance of “shoulder surfing.” That’s when someone watches you type in your password, just before stealing your phone. Gesture-based passcodes, such as moving your finger in a particular pattern, are especially easy to steal — stick with passcodes and biometrics.
Tip 8: If you have an MDM running (whether standalone or Office 365), you can use it to make sure that everyone has passcodes, automatic wipe after multiple failures, and automatic lock turned on. You should also look at remote locking and remote wiping features that are built into MDM tools. Most thieves will turn your phone off instantly — they’re usually interested in selling the phone, not the contents.
Tip 9: If you misplace a phone, you can try to remotely wipe it or lock it using MDM. Some MDM tools have a “find my phone” feature as well, which can help track down a misplaced smartphone.
Think Before You Connect
Smartphones switch quickly between cell networks and Wi-Fi networks, but the security risks are not equivalent. Wi-Fi in your building, if protected by usernames and passwords, can be pretty safe. Open Wi-Fi is another matter — every time you leave the office and use public Wi-Fi, someone can easily monitor your traffic.
Tip 10: The safest approach is to try and stay on your cell carrier’s data network as much as you can when on the road. Don’t be tempted by free Wi-Fi — if you have to, bump up your data plan so that you’re not worried about usage on the road. Unless you’re streaming videos, it’s unlikely you’ll exceed your data cap anyway. If your company is paying for multiple phones, you can usually find a plan that lets you pool your data, making overage charges even less likely.
Using this list of ten simple tips, you can effectively improve security for small business smartphones, and focus on running your business with fewer worries.