Wondering how to enforce your mobile security policy?
Did you know the number of mobile phone users is expected to surpass 5 billion by 2019? There are only 7.6 billion people in the world. If you subtract the 1.9 billion children–those least likely to own cell phones–you get 5.7 billion people.
That means almost every working adult, worldwide, owns their own cellphone. And guess what? They’re bringing those phones to work. This behavior is called “bring your own device” (BYOD).
Worse yet, they’re using those phones. They’re loading work-related apps, passwords, schedules, and other data on those devices. That makes for one enormous hole in your security system that cybercriminals can take advantage of.
That’s why strong mobile device security policies are so important. But after you implement them, how do you enforce them? When you’re ready to discover the strategies experts use, read on.
Education and Responsibility
Before you worry about enforcing your policy, you’ve got to make sure the rest of your system is in place. When you create your BYOD policy samples, make sure you know who’s responsible for what.
Which mobile devices does your IT department support? Can your employee’s personal devices be sued for work? Does your company pay for all mobile-usage, or do you have a monthly spending limit?
You get the gist. Make sure all the questions involving responsibility are clearly spelled out. Then educate your employees.
They need to know not only what they should do but also why they should do it. What could the ramifications of a breach mean to the company? To the employee?
Make sure to include the following topics:
- Data Encryption
- Device Protection
- Password Management
- Minimizing Risk by Minimizing Exposure
Keep in mind, memorizing a list of requirements is much easier when you know why you’re performing each item on that list. Keep your employees informed.
Forced Data Encryption
One of the easiest ways to make sure everyone at work follows the rules is to give them no other choice. You can now use software that forces 128-bit encryption on all data stored on a mobile device. Ideally, your IT department should manage data encryption centrally.
The following companies offer this type of centrally managed encryption solution:
- Check Point
- Guardian Edge
These options put the responsibility for data security directly in the hands of your IT team, whether internal or a managed services provider like us
Forced Secure Connectivity
There are several ways to ensure data is encrypted when the phone user is on the move.
- SSL VPN Portals
- IPSec VPN Tunnels
- Mobile VPN Connectivity
You must force encrypted connections. Especially when the mobile network is used while conducting business.
Mobile VPN products can ensure a secure connection on PDAs and smartphones. Bluefire Security, NetMotion Wireless, and Birdstep Technology offer said products.
Corporate laptops, on the other hand, can be enforced by other software. AirDefense and Airtight Networks are two such examples.
Include network access control (NAC) for mobile devices in your mobile policy. Fortunately, most VPN and SSL solutions include NAC.
Also, inspect all endpoints. Check that operating system security patches are up to date. Do the same with anti-malware definitions. Then you can ensure devices that don’t comply with policy don’t get network access.
There is also software you can use to analyze mobile usage by checking mobile invoices for anomalies:
It’s another way to check employees are abiding by your policies.
Of course, some elements in your policy won’t be directly under your control. Clarify the repercussions for these actions when you educate your employees on the policy. The penalties must be stiff, including dismissal.
The stronger the penalties, the more likely employees will avoid them.
Getting Started With Your Mobile Security Policy
If you haven’t already implemented your mobile security policy, get started right away. Making mistakes along the way is forgivable. Just be consistent with noncompliance repercussions.
If you aren’t, you’re telling your employees that you don’t care all that much about the policy; so they shouldn’t either.
Did you find the above information helpful? Then check out our library of other amazing cybersecurity articles.
If you’ve read our other articles, you can sign-up here for a free IT security audit