Your employees, partners, and others who use your data should be good stewards of their mobile devices, but unfortunately, this is not always the case. Here are six ways end users often sabotage mobile security.
They ignore basic mobile security hygiene
When it comes to security, most employees and executives don’t seem very concerned about their devices – at least they don’t act as if they are. For instance, iOS users don’t appear very concerned about much risk at all, even though there are real risks of losing a device and having data exposed, or of having software directly infect or compromise the device.
When it comes to patching, Apple users tend to be better stewards of their devices, but that’s a result of the Apple software garden, which is an effective distributor of updates. Depending on when and from whom Android users purchased their devices, many can’t easily get updates directly from Google, and some manufacturers are incredibly slow to issue operating system security updates. Thus, many users go unpatched for weeks, months, or forever.
Also, when it comes to passwords (more on that below) many users don’t create passwords that are difficult to guess, and they never monitor what permissions they are granting the applications they use.
Mobile security is enhanced when users follow good information security hygiene. They should shun simple passwords, back up data, update their mobile operating systems and apps, and take quick action if a device is lost. That device should already have been set so that a few failed login attempts cause all of the data on the phone to be wiped.
They always leave Wi-Fi and Bluetooth on
Wi-Fi and Bluetooth love to devour battery power. They can also be security risks. It’s a good idea for employees to limit Wi-Fi when not in use, because credentials are often being sent continuously, which places those credentials at risk and increases the chances of landing on a bogus wireless network. It’s also a good idea to turn off Bluetooth so that the protocol doesn’t become an unnecessary vector of attack.
They don’t watch what services they are allowing to run
If users want to reduce their devices’ attack surface and increase privacy as well, they should limit ads, shut down diagnostics being sent, clear their mobile cache often, and make sure their privacy and cookie settings are tight for both the OS and individual apps.
They are careless with their passwords
Of course, if an adversary has the device, given enough time and tries, passwords can be broken – but there’s no sense making it easy. Good passwords will slow down just about any data thief or snoop, so it’s important to choose strong passwords for the device. Don’t ever use the same passwords for multiple devices or sites.
They ignore common security apps and features
End users should be aware of, and use if needed, security apps such as anti-malware software, as well as seek out and use embedded features from the OS that will enable a remote wipe of the device if it is ever lost or stolen. Features such as iOS’s “Find My iPhone” are a good idea, too. If available in the OS, users should also consider encryption.
To protect data as they travel from the device, users should consider VPN software. Some enterprises do offer their users VPNs; however, many more don’t.
They jailbreak their iOS devices
Jailbreaking occurs when end users strip all of the hardware restrictions that Apple imposes on iOS. Unfortunately, most security protections are stripped, as well. Use of jailbroken devices by employees should be completely avoided.