Digital Evidence Articles

8 Steps to Cell Phone Security


1) Failing To Digitally Secure Your Device

Securing your device with a passcode, pattern or even your fingerprint can help keep prying eyes from looking at the content of your phone. This first line of defense can protect the content of your phone from the casual viewer at the bar or restaurant to the person who finds your phone on the street. This step keeps your lost, misplaced or stolen phone secure long enough to track it down or kill the phone by wiping it remotely.


2) Storing Sensitive, Work-Related Data On An Unauthorized Device

Storing your organization’s sensitive data on your phone without authorization is an egregious sin. Storing company Intellectual Property (IP) on unauthorized devices or private devices is just asking for a breach. What can make this practice worse is that most mobile devices are backed up to cloud data storage. Mobile devices can also be backed up to computer systems owned by the employee, which may not be as secure as organizational devices.

Keeping business and personal data separate is key. Select, implement, and maintain a Bring Your Own Device (BYOD) policy. Mobile Device Management (MDM) products have come down in price to the point where organizations that have sensitive data and allow employees to use their own mobile devices should implement an MDM system.

3) Updating The Device Operating System And The Apps

Keeping your software up to date by downloading updates as soon as they are available can prevent users from posing a security risk to their organization’s data as well as their personal data. Apps are often released with security flaws and even bugs that cause the app to fail. There are occasions when apps have these flaws over multiple versions and updates. Not having the most up-to-date, and hopefully the most secure, versions of your apps is a problem with an easy fix. Set apps to update automatically. This prevents out-of-date apps that may be less secure from residing on your device. If you are concerned about how this impacts your data plan, most phones also allow the user to update apps only when connected to Wi-Fi.

4) Using Public Or Unsecure Wi-Fi

Using unsecured Wi-Fi is bad. Data transmitted and received on unsecured Wi-Fi can be read by someone else in the area. Stick to what you know is secure, like networks with WPA2 encryption. Open and unprotected networks are too risky. This is especially true for users who carry sensitive company data on their devices. In addition to allowing others access to your data while it is transmitted between your device and the network, public Wi-Fi can allow attackers to hijack your device through your apps.

5) Not Using Mobile Device Management For Security And Encryption

Unfortunately, users are lax at securing their mobile devices. When organizations allow users to bring in their own smartphones and tablets, they should have a plan to manage these devices. The products that manage these devices are called Mobile Device Management (MDM). These products are normally supplied by the company Information Technology department. MDM products manage users’ device access to the organization’s networks and data. In addition, corporate data is normally kept separate from personal data and is encrypted on the device. MDM systems should be implemented whether the user supplies their own device or the organization supplies a device.

6) Side Stepping The Organization’s Social Media Policies

Most organizations of size have a social media policy. These policies should have some kind of language regarding disclosing sensitive information or data over social channels. It is important that employees of organizations adhere to these policies to keep the company’s secrets secret. Disclosing insider information or intellectual property can be disastrous. Even sharing seemingly innocuous information about your company can be problematic. Keeping quiet about the employee who was just terminated is probably the best path to take.

7) Opening Questionable Content

Mobile devices can be just as vulnerable to malware as computers. Malware links can be delivered by email as well as text message (SMS). Messaging poses significant threats as these messages tend to be less scrutinized by security applications. Text message spam containing links to sites that pose threats is very real. Users should avoid opening links from sources they don't recognize.

8) Apps From Third Parties

While Apple, Google and Microsoft (the Big Three) do their best to scan apps for vulnerabilities, they aren’t perfect. However, a riskier behavior is downloading apps from third-party app stores. At least apps from Apple, Google and Microsoft are subjected to some sort of screening. When you download apps and software from untrusted sources, they are not scanned by the Big Three. When you get apps from untrusted vendors, there's no telling what kind of malicious software you may end up with.


Experts on this topic...


Digital Evidence Scott Greene
