The question in the headline is rhetorical because, as enterprise IT professionals know, if there’s a mobile device security mistake to be made, at least one of their employees is making it.
That’s just life in the BYOD era, one in which IT control is but a fond memory. All IT pros can do at this point to secure mobile devices used by employees is educate, communicate and anticipate.
Here are some of the most common mobile security blunders committed by enterprise employees. These were compiled by CSO’s Grant Hatchimonji:
Not using an access code. PINs and passwords may be flimsy lines of defense, according to some IT security experts, but the truth is they’re more than good enough in most instances where a mobile device disappears. Failure to use even a four-digit access code is just lazy and irresponsible.
Storing enterprise data on an unauthorized device. It’s what you don’t know that can kill you sometimes. These days many employees don’t even bother checking with IT about whether they can use a personal device (or personal cloud service) to do their jobs. They just do it. Having a clear BYOD and mobile usage policy won’t eliminate “shadow” mobile use, but it should cut down on those occurrences.
Playing with content fire. It’s great that your employees are inquisitive and trusting. But opening every link sent to you in a text message or email is a recipe for malware infection, as is downloading apps from third-party sites such as “Joe’s Awesome Enterprise Apps.” Enterprise IT pros should educate employees about using only Apple’s App Store, Google Play or an internal apps store for downloads.
Grant outlines several other common mobile security mistakes made by workers. The bottom line, though, is that enterprise IT pros must assume responsibility for securing mobile devices and data, even as they cede control (however unwillingly) to employees.
No one said the job was easy.