While the desktop still rules the business domain, mobile device use is rising quickly among small businesses as the preferred way to get work done—from answering emails, to posting on Facebook, to invoicing customers. And small business IT pros predict that it won’t be long before tablets, smartphones, and laptops displace the desktop. But even as these devices become more important, small businesses don't protect them the way they should.
Mobile Security: Small Business Gaps
Small business owners and employees who use smartphones, tablets, or laptops on-the-go face a host of security threats. Wi-Fi hotspots—typically found in restaurants, cafes, airports, and hotels—aren't completely safe. "When employees connect to public Wi-Fi without using a VPN (virtual private network) app, they put their company's data at risk," says Gagan Singh, president of mobile at Avast Software. The software that hackers use to spy on public Wi-Fi networks isn't difficult to find or terribly expensive, which makes that ubiquitous coffee shop a dangerous place to surf the Web.
Employees may be their own worst enemies when it comes to mobile security. "We conducted a survey and found that 35 percent of Americans do not lock their phones," Singh says. "Moreover, 28 percent of respondents admitted that someone else accessed their phone without consent. And of that 28 percent, one out of five people said that an unauthorized person accessed sensitive business emails."
Lost or stolen unsecured devices can potentially place your company's data at risk. They provide a doorway into your business network if someone other than the employee accesses login credentials, email accounts, or always-connected applications. In addition, small business networks frequently suffer from insufficient security. With a lack of internal IT expertise, it's hard to provide the right kind of access without letting threats into the company at the same time.
"Simply allowing employees to join their smartphones to your company Wi-Fi network—whether to reduce their cell charges when in the office, or because they have bad cell coverage—is a risky proposition," says Blake Brannon, vice president of product marketing, VMware AirWatch. "If a malware-infected phone joins the network, it could quickly shut everything down or spread the malware to the business's system." Offering unsecured Wi-Fi coverage to customers also increases the risk.
Even when you have small business security measures in place, they may not cover every vulnerability. Employees compound those gaps when they bypass protective tools—occasionally with malicious intent, but usually because they're looking for more efficient ways to accomplish their work.
"A lot of small businesses might say, 'We do push passcodes on our phones.' But at the same time, for example, they use Salesforce as their cloud CRM without restricting phones from installing and signing into the Salesforce application," Brannon explains. That, he says, is like putting an expensive lock on the front door and leaving the back door wide open. Employees think they're getting things done, but the byproduct is a new security threat the business doesn't even recognize.
Reduce Mobile Security Threats
Unfortunately, no silver bullet addresses every mobile security risk. Brannon says the right approach will vary based on the business. "The first thing small business owners should to do is identify the most important information they need to protect," he explains. "Are they under any industry regulations, for example?" Security-related mandates may affect small businesses operating in healthcare and financial fields, among others.
Safeguarding email access is a good place to start. "Don't let anyone access email from any device unless you have some controls over it," Brannon suggests. Even with these safeguards in place, small business owners should have tools in place to remotely erase data from mobile devices in the event that they're lost or stolen. This is where a guide to mobile device management can help.
Small business leaders should exercise the right control over the devices that are allowed to access the network and any sensitive information. Company-owned devices should have security software installed before connecting.
"Mobile security software safeguards the device from malware, and app-locking features provide an extra layer of security for business-related apps," Singh says. He also encourages businesses to provide a VPN application, so that employees can securely connect to wireless hotspots and "encrypt their communication while connected to public Wi-Fi networks."
Even if employees use their own mobile devices while at work, businesses should be ready to pay for VPN and other security measures to ensure compliance and to keep mobile security software up-to-date.
Julie Knudson is a freelance writer whose articles have appeared in technology magazines including BizTech, Processor, and For The Record. She has covered technology issues for publications in other industries, from foodservice to insurance, and she also writes a recurring column in Integrated Systems Contractor magazine.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|