Mobile security—controlling and protecting sensitive data that’s accessible from a mobile device—has become a key component in many businesses’ security plans. Small business owners should be thinking about mobile security, especially if they or their employees use a smartphone or tablet to access work email or make social media updates.
In fact, 40 percent of cyber-attacks are directed at small and medium-sized businesses. Although 55 percent of small businesses classify security as a major mobile risk, only 16 percent have a mobility policy in place, according to a study by CompTIA, a non-profit association for the IT industry. This could be because some small business owners don’t think their companies are important enough to warrant an attack. In reality, small business’ general lack of device defenses and their position as “gateways” to larger firm or consumer data make them prime targets. Ray Potter, CEO and founder of SafeLogic, a security and compliance consultancy in Palo Alto, Calif., shares some of his tips for making a safe mobile environment part of your corporate culture:
1. Conduct a risk assessment. Start by asking some questions about the current state of your mobile security. What data do you need to protect? How could that data be compromised? What is the cost/impact if that data is compromised? Answering these questions will help you understand what countermeasures to implement, such as backing up data and locking the device when it’s not in use.
2. Set security policies. The risk assessment will help determine which security tools need to be put in place to protect your data. However, that doesn't mean just signing up for the latest Mobile Device Managagment/Mobile Application Management solution that secures, monitors and manages your mobile data. Instead, you want to establish a framework for acceptable and expected mobile use that is specific for your company’s needs.
3. Get employees involved. Ask your employees how having access to a smartphone or tablet helps their workflow, then educate them on the risks and best practices for working remotely. Including their input in your security strategy encourages them to take ownership of the process, making them more likely to follow the procedures when completed.
Although small businesses should be worried about mobile security, Potter says they shouldn’t over-think it. The level of security you need depends on what corporate information is enabled through mobile devices and at what frequency. “While mobile security should protect your business’ proprietary information, it should also ensure that data is available to the right people at the right time,” Potter says.