It’s commonly recognised that mobile devices, traditionally laptops and increasingly smartphones, are rapidly becoming critical business tools for many companies as remote working increases. Surveys show that 25% of mobile devices carry mission-critical information (source: BPMF) but that 30% of these devices are lost each year (source: SANS Institute) – which presents a serious risk to data security.
With the prevalence of mobile applications, data has never been so geographically dispersed. Whilst this gives a far greater flexibility for organisations and individuals with regards to data retrieval, it also presents greater security risks. The proliferation of data on mobile devices means that now thieves are not just tempted by the hardware, but also the potentially sensitive data held on them and the value associated with it. Inevitably mobile devices can be mislaid or stolen, which has traditionally been less of an issue with hardware in a secured office. Therefore it is important that businesses recognise these potential risks and take steps to secure data and put mitigation steps in place for when things go wrong.
Most laptop manufacturers have developed increasingly secure solutions, such as operating system password encryption and fingerprint readers for portable devices. However it is easy to overlook these, often for the sake of speed - but it is vital to make the most of these systems. Increasingly third-party manufacturers are also producing a wide-range of plug-in encryption keys, meaning any potential intruder would need to steal the USB key as well as the mobile device to be able to access sensitive data. The suitability of the security measures used often depends on the individual and budget available, but with many options on offer it is sensible to investigate these to determine the most suitable.
The options with which security can be tightened have significantly expanded. Should an unauthorised person be able to crack the physical security there are also ways of preventing access to critical data remotely. MS Windows Mobile and several third-party mobile security applications give the IT administrator the option to wipe data from a device that has gone missing or is in unauthorised hands. It is also possible to lock the entry password on a device so that after several failed attempts it is rendered inactive or data is automatically wiped – and so unusable for any potential thieves.
The fact that a sizable proportion of mobile devices are still used without adequate protection can be partially attributed to human nature. By their very nature, mobile devices are used for convenience and the installation of security measures takes a certain amount of planning and execution, which can be seen as a nuisance. However, not fully utilising these functions can leave sensitive information open to unauthorised eyes and result in an organisation’s entire carefully adopted security measures worthless.
The flexible and timesaving benefits offered by mobile devices means that they look set to continue to be used as essential business tools. The flipside is that they can also potentially offer these advantages to a determined criminal, so including mobile devices in the overall data security regime is essential.