Smartphones increase exposure of company information
Simple steps can help reduce likelihood of data compromiseFebruary 16th, 2017
The recent technology boom has given rise to a world where people check their smartphones an average of 150 times per day, and much of that activity happens within mobile and social apps that are connected to sensitive information.
The younger workforce, in particular, is adopting mobile technologies at a rapid pace, and they are much more inclined to incorporate those technologies into the workplace environment. As a result, the line between personal and business-related phone use is blurring, with more people now using their devices to stay connected to work through email and other means.
Adding to the complexity, stealing data has become easier and more frequent, making the threat of hacking and data theft a real concern for individuals and organizations alike. As much as people use their phones today, many don’t take the time or proper precautions to ensure their information is secure. Now more than ever, it is important for everyone to take phone security seriously.
With that in mind, organizations that issue phones to their employees for business purposes or allow employees to access company information on their personal devices must consider methods for securing their information adequately. Whether that means putting policies in place or simply sharing best practices and encouraging employees to be alert, protecting sensitive information can start with simple steps.
First, don’t set and forget. Regularly revisit the phone’s settings to ensure they still meet expectations, especially after a major upgrade. Oftentimes, the operating system will revert to its default settings after an upgrade without notifying the user. Leading enterprise IT company Forsythe Focus points out that many people expect their devices are secure by default, when in reality, it’s up to the user to make security configuration changes.
There is a connection between people’s knowledge of privacy settings and how the actual technology influences their ability to control or change those settings. The fact is, many people are unaware or unknowledgeable, and as a result, don’t change their settings to maximize security. Be sure to check the following settings to make sure your phone is as secure as possible:
•Location services. That indicates what apps users are willing to share their location with and how often—never, when using, and always. Periodically checking those settings at the app level will ensure users didn’t change the setting temporarily while using an app and forget to change it back.
•System services. That indicates what location-based information users are willing to share with Apple to improve various functionality for the user community at large.
•Limit ad tracking. That indicates the user is purposefully limiting the tracking of their device for advertising purposes. When turning this feature on, also remember to reset the advertising identifier function so future tracking can’t be connected back to the user.
In the Safari web browser settings, check the “Do Not Track” feature and the “Block Cookies” setting. Turning on the “Do Not Track” and setting “Block Cookies” to allow from “Current Website Only” will limit the information that is left behind when visiting various websites.
Reviewing a company’s policy for work-related phone use is an important step. Bring Your Own Device (BYOD) programs have become popular in recent years, permitting employees to use personal devices to access organizational information.
Users gain convenience, while employers benefit from increased productivity and reduced information-technology expenses. Companies also can use BYOD policies to address the heightened risks of data security and privacy breaches that arise when employees use their personal devices to access or store company data.
Such policies are a key part of an organization’s efforts to protect company assets by prescribing appropriate behavior for individuals who have access to them. For work-issued devices, some companies have the capability to wipe a device of its data remotely if it is stolen, or at the very least, remotely lock it so the hacker cannot gain access to the device.
In general, users should think carefully before downloading apps. Many times, phone security breaches are made possible through malware on illegitimate apps, which can help hackers gain access to both personal information, such as emails, photos and documents, as well as company data. Android devices, for instance, are less stringent about vetting legitimate apps than Apple.
Additionally, users should pay close attention to apps that require access to many of the phones functions and information, such as contacts and location. For example, a weather app that requires access to the phone’s microphone should give users pause. Once an app downloads, it is also common for the privacy settings to be difficult for the average user to find and, thus, difficult to change.
Also, downloading updates for the device’s operating system and apps as they become available will ensure that patches for any known security vulnerabilities are applied and that the user is operating in the most secure environment possible. Furthermore, it is a good idea to review regularly the apps users have downloaded and to remove any they no longer use. Doing this will limit the information users share with various apps for no particular benefit.
While these may seem like drastic steps to some, the importance of securing information on smartphones shouldn’t be downplayed. The threat of hacking, data theft, and invasion of privacy will only become more prevalent—and should be taken seriously—as mobile technologies continue to advance. In the long run, organizations will benefit from considering these methods and others to protect their employees and their business.
Robert E. Crossler, an assistant professor of information systems, joined the Management, Information Systems & Entrepreneurship Department in the Carson College of Business at Washington State University in July 2016.