Organizations of all sizes are rapidly implementing Bring Your Own Device (BYOD) policies to provide end users with the ability to remotely connect their personal devices to the company network.
As a result, mobile device security has become more important than ever. Organizations that have implemented BYOD must continuously test, evaluate and revise their policies concerning network security. Since any device that connects to your network could pose a threat, it is imperative that you build a security policy that gives users the ability to work effortlessly while protecting the integrity of your organization’s network.
This guide will help examine of the most common Mobile Device Security policies used by enterprises around the world.
Microsoft Exchange and Mobile Devices
Most businesses rely on Microsoft Exchange as their e-mail platform. One of the best features of Exchange 2013 is that businesses can setup strict security requirements for those who are authorized to use their mobile devices to access their email accounts.
Administrators can login to the Exchange Control Panel (ECP) and begin setting up mobile device mailbox policies from the mobile tab on the left hand side of the administration panel.
From there, administrators can customize policies such as mandatory mobile device encryption, a complex password for the device and a specific number of incorrect entries before the device is automatically wiped. These security features will help prevent sensitive data from shared with the unwanted third parties in case the user loses, misplaces or has the device stolen.
User Training Sessions for Mobile Device Security
One of the best ways to protect your enterprise network from threats originating from mobile devices is to train the users on latest threats.
Many organizations require employees to undergo Information Security Awareness training before the IT staff provides the user with Active Directory credentials. The Mobile Device Security policy should also follow the same template.
Users should undergo training and pass a test before they are granted BYOD access to the network. This training should focus on best practices, key threats and common scenarios that the user may encounter. Since many of today’s emerging threats are targeting mobile devices, users with BYOD access should be required to attend remedial training at least once a year to give the end users a refresher on any updates to the BYOD policy.
Require Antivirus and Antimalware Apps
Mobile devices are becoming more vulnerable to emerging threats. Pew Research says that 68% of Americans use a smartphone and 45% of Americans have a tablet.
Given the rapid adoption of mobile devices, many users are unaware of the vulnerabilities therefore making these devices prime targets for hackers.If a malicious app or program were to gain access to your contact list, company documents or other sensitive information, hackers can use this information to penetrate your network or launch a social engineering attack.
Some enterprise AV suites include a mobile edition of their app that can be deployed to mobile devices on the network. Malwarebytes Anti-Malware also exists for mobile devices, which could be another layer of defense against advanced mobile vulnerabilities.
Third Party Solutions
It is nearly impossible to securely implement a BYOD strategy without the use of specialized third party apps. Carefully consider the industry of your business and think about the auditing requirements associated with the data that will be displayed on mobile devices.
Medical organizations that must adhere to HIPAA requirements are electing to use containerization and virtualized apps in order to securely view medical documents on mobile devices. Other industries may not require such sophisticated solutions.
For example, the NFL uses BMC’s Mobile Device Management (MDM) suite to help manage devices that are given to players. Since NFL players use tablets to study the playbook, MDM helps NFL teams securely distribute the playbook to players that require it. If a player is cut from the team, the MDM suite can be configured to remove the player’s playbook. This security policy was created to ensure that NFL free agents are unable to take a playbook from one team and provide it to another.
Mobile Device Security Comes in All Shapes and Sizes
Gauge the level of security that you need to provide to your employees that use mobile devices and craft a plan that provides adequate balance between security and usability.
Organizations that do not currently have a BYOD policy are encouraged to take a baby step approach to bringing personal mobile devices onto your network. If you host your own exchange servers, providing remote access to email is a great start.
If you require more robust BYOD policies, you may need to look into third party solutions such as IBM’s MaaS 360, Microsoft’s Intune or BMC’s Mobile Device Management suite.
If you have any worries about your network security, please call us at (833) 482-6435, or click the banner below to schedule an IT security audit so we can find the best security solutions for your business. Preparation for threats like this is a small cost compared to repairing the damage of an actual infection.
If you enjoyed this IT Support article, please check out other posts on our blog and join us on Facebook, Twitter, LinkedIn, and Google+ to see how else we can help your Greenville, SC or Atlanta, GA area business succeed!