Mobile phones have been a corporate tool for years, but with smartphones becoming more powerful and versatile with each new model, their utility in business has only become more expansive. Besides being a portable telephone, today’s smartphones are essentially compact computers used for creating, processing, transmitting, and storing various types of content, including sensitive business data. It’s for these reasons that an employee’s lost mobile phone can spell disaster for their company.
Why is a lost mobile phone dangerous?
Symantec’s Smartphone Honey Stick Project did an excellent job at answering this question. During the study, researchers intentionally “lost” 50 smartphones in high-traffic areas in five cities. In 96% of the smartphones — including those that were eventually returned to the researchers — finders made attempts to access sensitive information stored in the devices. The desired data included social media and email information, as well as corporate files clearly marked as “HR Salaries" and "HR Cases."
In fact, stolen or lost devices have been known to cause 41% of data breaches. With many people using their phones to work remotely, the risks are more compounded than ever. Just imagine one of your finance officers losing the phone they use for work. You can very well assume that whoever finds the device will attempt to access critical information stored within, such as transaction records and credit card details.
What can you do about lost devices?
Should one of your staff lose a mobile device that contains work-related information or apps, they must notify your business's IT team OR their manager as soon as possible. You can minimize the risk of a data breach by doing the following steps:
- Contact your network provider
- Lock, locate, and wipe the device remotely
- Change your passwords
Request your provider to disconnect the service on the device. This prevents malicious parties from using the mobile phone for identity theft and fraudulent transactions.
If you are using a mobile device management (MDM) solution, your internal IT department or managed IT services provider (MSP) can locate or lock the device remotely. In extreme cases, the solution may also be used to wipe all data from the device.
Another way to lock and locate the lost device is by using phone-finder apps and features, such as Samsung’s Find My Mobile and Apple’s Find My app. Bear in mind, however, that you have to enable these features beforehand. It would be smart to include training and enabling of these features upon issuance of your employees’ devices.
Using a different device, log in to all work-related apps and accounts saved in the lost smartphone. Change the password and security questions for each account. Make sure all new passwords are strong and hard to crack.
How can you reduce the risks of lost data in the future?
A proactive approach is always better for your company’s cybersecurity than a reactive one. The following steps will mitigate data theft or exposure should any of your work phones be lost or stolen:
- Enable remote tracking
- Encrypt your devices
- Use strong passwords
- Implement multifactor authentication (MFA)
- Use an MDM solution
- Back up your data
Check that the work device’s tracker feature is enabled. If it does not have one built into it, find a reputable software in the app store and install it.
Encryption renders data stored on the mobile phone unreadable to unauthorized users. Even if a third party were to hack past your phone’s lock screen, encryption ensures that they won’t be able to use any sensitive information they do find in the device.
Over 80% of hacking incidents occur because of weak or compromised passwords. Create complex passwords, especially for work-critical apps, and replace them regularly, when possible.
MFA further reduces the risk of unauthorized access by requiring users to provide more than usernames and passwords as authentication factors. The extra factors are hard to fake, such as biometric information or SMS codes sent to a separate device.
If you haven’t yet, implement an MDM solution that will be managed by your internal IT team or MSP. There are various options available in the market, so you will definitely find one suited to your business’s needs.
Never store sensitive data in one place, especially in a mobile device. Back up your files regularly and store them in both cloud-based and offline servers. This ensures that should a work device be lost, you never lose access to the information stored in it even if it’s never returned.
You need to secure your work phones just as much as you secure your work computers. An MSP like Tech Squared can maximize your devices’ protection by monitoring them remotely and by helping you find and implement the best cybersecurity solutions in the market.
Download this free eBook today to learn more about the solutions you need to secure your company data.