Employee Smartphones Can Be Security Vulnerabilities

Almost all of us these days have a smartphone. Besides staying connected via the phone and text messaging, we use our phones to check email, surf the web, and share files. Although a great convenience and a fantastic way to keep employees connected on the go, smartphones can present a major security vulnerability for many businesses.

Regardless of if the employees are using their own smartphones or if they work off of company provided ones, a smartphone provides a direct connection to the company network, corporate emails, and other sensitive information. If in the wrong hands, a smartphone can be the key to providing unauthorized access to an outside party.

The Data Dilemma

Most major cell phone carriers have done away with unlimited data. They either offer capped data to their customers (and charge for overages) or charge higher rates for “unlimited plans” that throttle speeds after a certain data usage level is met. Because of this, employees connect their personal cell phones to the company Wi-Fi. This way, employees are able to use their phones at work without worrying about making huge dents in their data plans (which make sense seeing most employees spend at least 40-50 hours a week at the office anyways).

If employees are connecting their personal mobile devices to the company network to save their data plans, their smartphones hold network credentials and offer a direct connection to company information such as email and files. If an employee’s smartphone is stolen, misplaced, or if it accidentally gets infected with malware – a hacker can easily find sensitive information such as credentials and emails, or find a backdoor into the network through a compromised device.

Company Provided Smartphones

Even if a company provides smartphones to employees, carrying around a personal and a professional device increases the risk of an employee misplacing at least one of them. If a company smartphone is lost or stolen and is not properly secured, it can provide a cybercriminal with direct access to sensitive company data.

So What Can Be Done?

• Training Employees on Best Practices

Employees need to be trained on best practices for mobile devices. For personal devices, employees need to be required to secure their devices with passwords, and need to be trained on how to surf the web safely and access company email over a secured connection. With personal devices and company provided cell phones, employees need to be trained on the steps to take, who to call, and what to do should their mobile device be lost or stolen.

• Implementing a BYOD Policy

Companies need to have solid BYOD (Bring Your Own Device) policies in place for employees who use personal mobile devices including smartphones, tablets, and laptop computers to connect to company Wi-Fi and to conduct company business. These policies set forth guidelines and procedures for how employees need to secure their personal devices prior to connecting their own equipment to the company network.

For more information on how to secure smartphones that connect to your business’s internet or to learn how to build your own BYOD policy, contact Roan Solutions today.