Mobility is built into today’s business world. Professionals use mobile devices to work both inside and outside the office — whether they’re accessing important documents, responding to emails, modifying code, or anything else.
Safeguarding these devices is paramount to maintaining the integrity of a company’s network and internal resources, and reducing the risk of data breaches and leaks. That’s where mobile data security comes in.
What is mobile data security?
Bryan Osima, a software engineer and CEO of Uvietech Software Solutions, defines mobile data security this way:
“Mobile data security involves all the steps and processes an enterprise takes to prevent unauthorized and potentially malicious access to its network and resources through mobile devices like smartphones and tablets, which team members often use to access the network while on the go.”
How can your company secure its data in a mobile world? Start with the tips below.
5 mobile data security tips to implement today
- Block potentially dangerous apps
- Restrict network access for older OS versions
- Add a layer of security to your cloud storage
- Employ multifactor authentication
- Use a password manager
1. Block potentially dangerous apps
Since many professionals use their phones for both work and personal needs, these two worlds often overlap. Mobile apps are an open door for bad actors to worm their way into otherwise secure networks. Brandon Ackroyd, a mobile security expert at Tiger Mobiles, says that many employees don’t realize some apps are malicious, designed to inject malware or steal data.
Ackroyd calls out one operating system (OS) in particular: “Android is particularly well-known for this, with Google identifying 700,000 malicious apps in the Play Store over a one-year period. If an employee inadvertently downloads one of these, it could result in unauthorized access to sensitive data on the device or the company network.”
2. Restrict network access for older OS versions
An employee could have more than one OS (iOS, Android, or Windows) on their phone — and each of these systems has multiple versions. That makes for a long list of potentially dangerous culprits accessing your company network.
This is dangerous, Ackroyd says, because out-of-date OS versions that no longer receive updates are less secure. The latest version of iOS or Android will typically have stronger security protocols than older versions.
To enhance mobile data security, Ackroyd recommends companies restrict access for older OS versions. “Only recently updated operating systems with better security standards should be allowed to access the network,” Ackroyd says.
3. Add a layer of security to your cloud storage
Any reputable cloud storage provider employs security measures like file encryption. However, Ackroyd says that the decryption key remains with the provider, calling into question whether you can be sure that the key is safe at all times.
“For example, Dropbox uses an excellent encryption system for files. But Dropbox keeps the decryption key and automatically uses it to decrypt your files when you log into your account. That means anyone who gains access to your account — even if you are hacked — can also access your data,” says Ackroyd.
To remedy this security vulnerability, Ackroyd recommends using an app like Cryptomator to encrypt sensitive files on the client side before uploading them to the cloud. “It’s an extra layer of security. Files must be decrypted in the vault created by the app before someone can gain access. So even if an unauthorized third party uses your account to access these files, they can’t read them.”
4. Employ multifactor authentication
Multifactor authentication (MFA) is the use of two or more pieces of evidence to authenticate or identify someone before providing access to a secure environment. “MFA is still not used widely enough, yet it represents one of the easiest and most important ways sensitive data can be protected,” says Nick Pye, CEO of Youmanage.
MFA ensures only authorized parties can access information stored on a mobile device or on a network accessed by a mobile device. “Companies must make MFA mandatory, not optional, to make it an effective tool for mobile data security,” Pye says. “Otherwise, many users will simply opt out to avoid having to take extra steps.”
5. Use a password manager
A password manager is another critical and relatively simple way to enhance mobile data security, says Pye. He mentions tools like LastPass and 1Password, which can automatically generate random passwords for each user account and store them safely in the cloud, fully encrypted.
“Not only is this more convenient since users don’t have to remember lots of different passwords, but it’s also more secure. Combining a password manager with other security measures like MFA will dramatically decrease the number of security incidents you’ll face,” Pye says.
Curious about other areas of data security? We created a lengthy guide on the topic to help you ensure your data is as safe as possible.