Home » Guides » Mobile Device Security

Mobile Device Security

Keeping devices secure is imperative in a connected world

By Ashir Badami, senior editor at Business.com, Business.com
When it comes to mobile devices, small businesses are ready to go. From smart phones to netbooks, there are an increasing number of sophisticated tools that businesses can use to go mobile.

According to research firm IDC, 75 percent of the U.S workforce will be mobile by 2011, a sharp increase in mobile device use. Without a doubt, mobile devices offer greater flexibility and better productivity by allowing employees to work outside the confines of brick-and-mortar operations.

But that can be a blessing and a curse. Along with greater mobility comes greater responsibility, namely in the form of managing security. Security breaches can cost thousands of dollars, and damage your reputation.

Unfortunately, even though more businesses are adopting mobile devices, few are making the effort to manage device security. The good news is that the solution doesn't have to be complicated or expensive, provided small-business owners cover all the bases.

Data protection
What makes mobile devices valuable is also their Achilles' heel. Devices that get carried around also get lost.

Adequate protective measures are needed to prevent unauthorized access of sensitive data.  Confidential information can take any number of forms, ranging from sales figures to your business' bank account numbers. In the wrong hands it can be a nightmare.

To protect data on mobile devices, enforce strict authentication measures. In its simplest form, authentication amounts to asking every mobile device user to password protect their device — and to change passwords frequently.

Encryption is also an excellent idea for all mobile users. Data encryption protects information from being "snatched" up by unauthorized users by encoding it so that only another computer or device with the requisite software can decode it.

Protect networks
You should also protect sensitive data on your networks. Remember: Mobile devices aren't just data repositories — they're also points of entry into your network.

It's worth nothing that as devices get more advanced they also become more attractive to hackers. If you have a number of employees in the field, it may be a good idea to use intrusion prevention software to protect your company data from being accessed via a hijacked mobile device. Both Symantec and McAfee offer intrusion prevention software.

To that end, it's also a good idea to limit access to sensitive data as well. Not every sales member needs access to company financial data. Using a firewall can help limit mobile users' access to sensitive information. In this way a phone left in a cab won't become a liability.

Contingency plans
On those occasions when devices do get lost, you should have a plan in place. For starters, document a plan for your workers detailing what they should do if their devices are lost or stolen. If possible, designate someone to handle these issues so you can react quickly.

If you're in a field such as health care or financial services and you have sensitive information that cannot fall into the wrong hands, consider using remote wipe capability to erase all data on stolen or unaccounted for mobile devices. Some providers allow you to use a mobile broadband card that serves as an authentication device, which can be remotely deactivated by you or your designated IT person should a device be lost.

You might also consider getting a cyber insurance policy to cover your liability. An insurance policy of this type can protect you against losses associated with unauthorized access to or theft of your data, computer viruses, and unauthorized e-commerce transactions.

Stay current
Another safeguard is to keep devices up to date. Make sure all handhelds, PDAs and portable computers have the current software updates and security patches. Updates can sometimes get overlooked due to time constraints, so make things easier by scheduling regular updates to make sure it happens — and make them mandatory.

Security policy
Ultimately, the best way to ensure that mobile devices are secure is to consolidate all of your requirements and mandates — from authentication measures to remote wipe capabilities — into a single mobile security policy. Document all obligatory actions and processes and disseminate the information among your employees. Keep the document current to make sure users have the best information possible. You should also communicate urgent security updates or notices via e-mail.

Ashir Badami is a senior editor at Business.com, the web's largest business-to-business searchable directory and home to over 35,000 business how-to guides.

Find mobile device security software and services at Business.com, the Internet's largest business-to-business Web site. Business.com reaches 40+ million users monthly online and is home to more than 35,000 how-to guides that help small business owners solve problems and find opportunities. Copyright © 2009 Business.com, Inc.  All Rights Reserved.

Copyright © 2011 Business.com, Inc. All Rights Reserved.