- Implement a mobile device policy. This is particularly important if your employees are using their own personal devices to access firm e-mail and data. If that employee leaves, are you allowed to erase firm data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? Further, if the data in your organisation is highly sensitive, such as client records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured, but that doesn’t mean an employee might not innocently “take work home.” If it’s a firm-owned device, you need to detail what an employee can and cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
- Require STRONG passwords and passcodes to lock mobile devices. Passwords should be at least 12 characters and contain lowercase and uppercase letters, symbols and at least one number. On a mobile phone, requiring at least a 6 character passcode with numbers and letters to be entered will go a long way in preventing a stolen device from being compromised.
- Require all mobile devices be encrypted. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that unlocks (decrypts) the data.
- Implement a remote wipe software for lost or stolen devices. If you find a laptop was taken or a mobile phone lost, remote “kill” or wipe software will allow you to disable the device and erase any and all sensitive data remotely.
- Backup remote devices. If you implement the above step, you’ll need to have a backup of everything you’re erasing. To that end, make sure you are backing up all MOBILE devices including laptops so you can quickly restore the data.
While these 5 are a good start, many organisations that are heavily using mobile devices or are handling highly sensitive data such as credit card numbers, financial information, tax file numbers or client records need to be far more diligent about monitoring and securing all mobile devices. For those of you who fit into that category, we have a special report that details 10 more security measures and strategies that you need to implement and know about that most IT firms don’t know or won’t tell you.