Symantec has released some interesting findings from an industry survey that examines mobile device policies amongst small to medium sized business (SMB's).
With the dramatic increase in smartphone usage, there has been a corresponding increase in the targeting of mobile devices by criminal malware producers, creating additional threat vectors many businesses have yet to address.
The Consumerization of IT Smartphone End User Survey found that seventy-one percent of the survey respondents believe that allowing employees use the mobile device of their own choosing for work-related activities increases employee productivity somewhat to significantly.
Overall, sixty-three percent of respondents indicated that their company currently allows employees to use mobile devices of their own choosing for work-related activities.
The study also found that twenty-three percent of respondents believe allowing employees to use the mobile device of their choice has no significant impact on the overall security of the company's networks, while fifty-two percent believe that employee choice only decreases overall security somewhat.
As far as utilizing the devices for personal use, ninety-one percent of respondents said their company places no restrictions on employees who use their work-issued mobile device for personal use.
The survey results clearly show that the majority of small to medium sized businesses do not consider the risks posed by mobile devices to company networks as being a primary concern, even though attacks against mobile devices is trending upwards at a dramatic rate.
Based on the survey results, Symantec recommends SMB's implement some basic security strategies regarding the use of mobile devices in the workplace:
- Encrypt the data on mobile devices – The business-related and even personal information stored on mobile devices is often sensitive. Encrypting this data is a must. If a device is lost and the SIM card stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
- Make sure all software is up-to-date – Mobile devices must be treated just like PCs in that all software on the devices needs to be kept up-to-date, especially the security software. This will protect the device from new variants of malware and viruses that threaten a company’s critical information.
- Develop and enforce strong security policies for using mobile devices – In addition to encryption and security updates, it is important to enforce password management and application download policies for managers and employees. Maintaining strong passwords will help protect the data stored in the phone if a device is lost or hacked.
- Avoid opening unexpected text messages from unknown senders – Just like emails, attackers can use text messages to spread malware, phishing scams and other threats among mobile device users. The same caution should be applied to opening unsolicited text messages that users have become accustomed to with email.
- Click with caution – Just like on stationary PCs, social networking on mobile devices and laptops needs to be conducted with care and caution. Users shouldn’t open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the information on it.
- Users should be aware of their surroundings when accessing sensitive information – Whether entering passwords or viewing sensitive or confidential data, users should be cautious of who might be looking over their shoulder.
- Know what to do if a device is lost or stolen – In the case of a loss or theft, employees and management should all know what to do next. Processes to deactivate the device and protect its information from intrusion should all be in place. Products are also available for the automation of such processes, allowing small businesses to breathe easier after such incidents.