Whether it’s a company cell phone or a personal device: for an attacker, it makes no difference who owns the device, they are only interested in the data. Through backdoors and security loopholes, cyber criminals repeatedly manage to steal company data from mobile devices. Attacks include the theft of sensitive digital data or information, digital sabotage of information and production systems or operating processes, digital social engineering and spying on digital communication such as emails and messenger services.
So what can you do to prevent future damage to your company? We have compiled a list of 5 measures to help you strengthen data security, at least on your employees’ smartphones and tablets.
1. data security through separate worlds
Private and business matters should not mix – even on the smartphone. Strictly separate the company area from all other apps installed on the device. Non-company apps must not have access to the company’s data. For example, WhatsApp must not be able to view any contact data from the company database. Of course, there are also apps for many areas that promise to handle data in compliance with the GDPR – but 67% of the Android apps tested forward data unnoticed. It is therefore better not to take any risks here.
2. data security through encryption
Encryption is certainly one of the best-known means of securing data and is used in a variety of ways. For example, sensitive data stored on a smartphone or tablet should be encrypted. In addition, data traffic between the end device and the company network should be encrypted in separate channels, as otherwise the company network is only as secure as the end devices connected to it. If you can, you should also encrypt your email communication (keyword: end-to-end encryption) and sign it digitally. On the one hand, this ensures that no one can read through the encryption and, on the other, that the emails originate from the correct sender and have not been altered during transmission thanks to the signature.
3. build barriers: Data security through access protection
While encryption is state-of-the-art for securing data transfers and protecting data on the device, there are other areas that need to be secured. After all, what good is secure email communication if access to the smartphone is unsecured? In this case, it is advisable to secure access to mobile devices or separate company areas on smartphones and tablets that are connected to your company IT with a PIN, password, Face ID or Touch ID. For even higher security requirements, it is possible to use smartcards. Security certificates (key pairs) can be stored on these.
4. breaking down barriers: UX design
The points of contact between your company’s IT and data security are very diverse. There are solutions for almost every area that will gradually improve your data security. The disadvantage of many different solutions: These solutions often have to be actively used or at least understood by employees, be compatible and be managed. But only if employees can use them intuitively as far as possible can you be sure that they will use them as standard and that no shadow IT will be created in which confidential information and company data is suddenly processed in unsecured environments. The functions and security precautions must therefore be designed in such a way that they do not restrict your employees in their work as much as possible. User experience design (UX design) is therefore an important contribution to data security on your employees’ smartphones.
5. keep control
One of the biggest risks to data security on smartphones, tablets and other mobile devices lies in the physical nature of these devices: They are mobile. And like all movable objects, they can be lost or stolen. In this case, your IT must be able to delete all business data remotely. And what if the employee leaves your company? Will your IT still have access and control over the data on their smartphone at all times? The answer to this is of course “no”. The best way to solve this problem is to set up a separate area on smartphones and tablets to which your IT has unlimited access in terms of time and location (e.g. with a container app).
The container solution for smartphones and tablets – data security with SecurePIM
All of these measures can be solved in one way or another using various applications. The disadvantage: managing many data security measures on your employees’ end devices takes up a considerable amount of your IT resources.
With SecurePIM, we provide you with a container app that combines all of the above tips for increasing data security. Available for iOS and Android via the regular app stores, the app creates its own area on the user’s end device that functions completely separately from the original environment. This gives your corporate IT department full control over the data in the container app at all times, while at the same time allowing your employees to use their smartphones for private and business purposes without having to worry about data security. Another plus: SecurePIM is easy to manage and requires few IT resources.