Below are some recommendations to help keep your organisation's portable digital devices and company information safe.
1. Set User Authentication
Most portable digital devices support passwords or PINs. Some have biometric readers that scan a fingerprint for authentication. It's important that authentication is enabled to prevent unauthorised access.
Also make sure your staff set strong passwords or PINs on their portable digital devices (for example a PIN should not be 1234 or 0000 as these are easily guessed).
2. Beware of Wi-Fi
Wireless (Wi-Fi) communication networks are not always encrypted and this can put your information at risk.
For example, if your staff are using a laptop or phone to tap into Wi-Fi networks in public places such as cafes, libraries, hotels and airport lounges, then it's likely these networks are not secure. An unsecured network means it is easy for other people using the same Wi-Fi zone to see what your staff are doing online.
When using Wi-Fi in a public place staff should avoid accessing confidential information, including via email. Your organisation could consider setting up a VPN (Virtual Private Network) for staff who travel frequently as this enables information sent from their laptop or smartphone to be encrypted.
3. Don't Download Malware
It's relatively easy for staff to be tricked into downloading malware. Often malware is disguised as a game, security patch, utility, or other useful application. Alternatively, messaging services can deliver infected files via email, instant messages or multimedia messages.
Usually for malware to be downloaded the user of the portable digital device has to give consent for it to install and execute. So a key factor in preventing this is education of staff. It's important they understand what you expect/don't expect them to do on their device. This is where having policies or guidelines can be useful as these outline what they should/should not do, and help them understand how they can mitigate the risks through their actions (see attachments at bottom of this article).
To help prevent the accidental download of malware some businesses or organisations disable Bluetooth and Infrared services.
4. Protect Against Theft
Because of their relatively small size, portable digital devices have a propensity to be lost, misplaced or even stolen. It's important that staff understand that devices should not be left unattended in a location where they can be easily seen (like in a car, or visible through a window).
Staff should be encouraged to lock their device when it's not in use. The person responsible for your organisation's portable digital devices (such as the IT provider, or manager) should know how to lock or disable the device remotely in the event of it becoming misplaced (where the device has this functionality).
5. Be Wary of Spam
Unwanted text messages, emails and voice messages from advertisers can appear on portable digital devices. Besides the inconvenience of removing these, charges may appear for inbound messages or costs applied to download attachments. Messages may also trick users into calling or sending messages to chargeable service numbers. If a spam message is received your staff should know to delete it and not to follow any Internet links.
6. Consider Encrypting Data Stored on Portable Devices
Data encryption is useful to protect sensitive or confidential data stored on portable devices and even memory cards. Some digital devices have built-in encryption, but there are also commercially available encryption tools.
7. Have a Security Policy
Security policies are used to define the rules, principles, and practices that determine how staff in an organisation should behave and treat their digital devices. Make sure your security policy/rules/guide includes how portable digital devices should be treated. (See bottom of this page for an example Portable Digital Devices Guide).
You may find it useful to train staff so they understand your security or acceptable use policies. Completing our Digital Citizenship assessment and working through the answers will help your staff become more aware of the risks of being connected and better able to protect themselves, both at home and at work.
8. Consider Software
Depending on your organisation it may be worthwhile considering security software for your portable digital devices. Security software for mobile devices comes in many forms and functionalities but can include:
- Antimalware - protects against malicious apps, viruses, spyware, etc. Some software may also protect against unwanted (spam) voice messages, text messages, and e-mail attachments.
- Firewall - can protect against unauthorised connections by intercepting incoming and outgoing connection attempts and blocking them based on a set of rules.
- Whitelists - enable you to allow only listed software apps to execute commands and block all other software.
9. Install Security Updates
Just like other digital devices it's important your portable digital devices are using the most up-to-date software. Be aware that with mobile devices you may not always be notified when software updates are available, so it pays to check you have the most recent security updates and patches.
Also be aware that many manufacturers stop supporting smartphones 2 years after their release (some as soon as 1 year). These unsupported devices may pose a risk to your organisation.
A big part of keeping your portable digital devices safe is educating your staff on how to look after them and how they should respond to threats.
To help you define your organisation's standards and communicate these to your staff, we have developed some example policies and guidelines. Feel free to edit these to meet the specific needs of your organisation (see below).