October is National Cyber Security Awareness month. What would your company do if a company device was lost, or even worse, stolen? Do you have measures in place to protect the data on the device? This is part 16 in a series of blog posts we will be publishing on various topics aimed at educating you on how to stay protected on today’s Internet landscape.
What would the risk to your company be if an employee’s smartphone or tablet were lost or stolen? If the device holds sensitive customer or company data, it could be significant. According to the 2014 Symantec Small/Medium Business Mobile Survey, three in 10 small- and medium-business owners said employees have lost a company-issued mobile device or had one stolen. Of those, over a quarter said the event resulted in a data breach.
Taking steps now to secure your employees’ mobile devices could save a lot of time and trouble later. Here is what you should do right now, and what to do if a device is snatched.
To do now
Record Identifying Details
Create an inventory of the devices used in your company. List their makes, models, serial numbers and International Mobile Equipment Identifier (IMEI) numbers. You can find the IMEI and other identifying numbers on Apple devices by selecting “General” within the “Settings” menu. You can find an Android device’s IMEI number on the back of the device, inside the battery compartment or by dialing *#06#. Phone carriers may be able to blacklist an IMEI number so that a thief cannot use it.
Set Strong Passwords
Require your team to choose long, complex passwords for their devices, instead of using the standard four-digit code. A strong password is at least eight characters long and includes a combination of letters, numbers and special characters. Employees should also set their screens to lock after a period of inactivity — for example, two minutes.
A strong password can provide a valuable layer of protection for mobile data. In a 2012 experiment in which Symantec planted “lost” smartphones without password protection in different cities, 96 percent of the phones were accessed by the people who found them, and 83 percent were accessed for company-related apps or data. A password could have served as an important deterrent.
Instruct your team to use other security features that come with their devices. For example, Apple device users can enable the “Find My iPhone” or “Find My iPad” feature in iCloud, which will help them locate the device if it is missing and erase the data on it. New Apple devices also include an activation lock feature that prevents the devices from being reactivated without the owner’s credentials. Android device users can log into Android Device Manager to locate their devices on a map and set up the lock and erase capabilities.
Business-grade security software such as Norton Small Business and Norton Mobile Security can provide additional security features and help you manage the devices used in your business. This can give you greater control over device protection compared with leaving the responsibility to employees.
If a Device is Lost or Stolen
Put Security Features to Work
Use location features to try to find the device and enable remote lock to help ensure no one can use it. The owner of the device can also sign in to his or her Dropbox or Gmail account and check the most recent IP address used to access it. If a thief has managed to break into the device and tried to access one of these accounts, his or her IP address will appear. That information can help police track down the thief.
Report the Missing Device
Contact the service provider to put a hold on the account to prevent unauthorized usage. The carrier may also add the device to a global database of blacklisted phones, which can help stop another user from activating it. Also notify the police and give them the device’s location and any other information that could help to retrieve it.
Wipe the Device
If you believe sensitive data stored on the device may be at risk, wipe it remotely. Taking this step will reset the device to its factory-installed settings. Any passwords stored on the phone should be changed as an extra precaution. For example, if an email password is automatically saved in an email application or a banking password is kept in a note-taking app on the device, the owner should log into the email or banking service from another device and reset it.
Safeguarding your team’s mobile devices is one of the most important steps you can take to protect your business. Norton Small Business provides comprehensive protection for mobile devices, including remote locate, lock and wipe capabilities. For larger businesses, Norton Mobile Security includes a range of powerful features to recover devices and protect the data on them. Start strengthening protection for your devices and data so you can work productively and confidently.
This is part 16 of a series of blogs for National Cyber Security Awareness Month.
For more information on various topics, check out:
5 Ways You Didn't Know You Could Get a Virus, Malware, or Your Social Account Hacked
How To Choose a Secure Password
How To Avoid Identity Theft Online
How To Protect Yourself From Phishing Scams
How To Protect Yourself From Cyberstalkers
Securing Employee Technology, Step by Step
Are Your Vendors Putting Your Company’s Data at Risk?
Four Mobile Threats that May Surprise You
Theft-Proof Your Mobile Data
Traveling? Don’t Let Your Mobile Data Stray