Fact: 77% of organizations are convinced they’re capable of protecting their mobile devices—smartphones, tablets, and laptops (including Chromebooks)—from cybersecurity threats.

Another fact: A third of those organizations aren’t protecting their mobile devices at all.

And that matters—in its Mobile Security Index 2022 report, Verizon reported that 45 percent of businesses suffered a major mobile-related compromise with lasting repercussions.

The increase in companies’ reliance on mobile devices that began with the pandemic persists today. Many employees are working on their mobile devices more, and it follows that more mobile devices (53 percent) have access to sensitive data than in pre-pandemic times. We recognize how critical such devices are to our work, and yet, confident or not, we continue to treat their defense against cyberattacks like an afterthought.

So what can small business owners do to quickly turn things around?

Start by recognizing that the mobile space has become a battleground, so protecting it is a must. And then, develop a mobile security policy that touches on essentials for securing employee mobile devices.

A cybersecurity policy is essentially a high-level plan detailing how a company will protect its physical and digital assets. In the context of mobile devices, that means protecting the sensitive data they store and have access to, and stopping non-employees from physically accessing such devices.

The policy doesn’t have to be complicated or perfect, but it must be solid and effective. The document must evolve with changing technologies and attack trends to prevent it from becoming outdated. For a policy to be effective, it should clearly and explicitly state responsibilities for the organization and its employees.

Here’s a list of some organizational duties you might want to include in your mobile security policy, to help you get started.

  • Use a mobile device management (MDM) platform. IT teams use MDM to provision, deploy, and manage mobile devices. It allows an administrator to perform remote tasks, such as troubleshooting and wiping devices after a theft. More importantly, an MDM can be used to enforce strong password practices and deploy software updates.
  • Use a mobile endpoint security solution to provide real-time protection to employee devices.
  • Ensure employees use a VPN to connect to the company network. Your small business may have adopted a working scheme that allows employees to work anywhere. In this case, it’s vital to encrypt data in transit, so you don’t have to worry about your employees using public Wi-Fi.
  • Use FIDO2 two-factor authentication (2FA). FIDO stands for Fast Identity Online, a globally-recognized standard for passwordless authentication. Employees using mobile devices to read their emails are particularly vulnerable to phishing. Unlike other forms of 2FA, FIDO2 devices can’t be phished.
  • Set clear Bring Your Own Device (BYOD) guidelines, explaining whether employees are allowed to use their personal devices for work and what their obligations are if they do.
  • Educate employees on best practices for mobile security. Employees are your first line of defense—arm them with the tools and know-how they need to fulfill their role.

By creating a strong mobile security policy, a small business is better placed to prevent cyberattacks, and better prepared should one occur.

Good luck!
