If an unsecured enterprise mobile device is lost or stolen, its owner can do nothing to ensure the safety of the data stored on the device. That’s why it’s so important for IT to work with users and take precautionary mobile device security measures now — before a device gets lost and valuable data falls into the wrong hands.
The latest versions of Apple’s iOS and the Android operating system offer similar options for protecting data on enterprise mobile devices that are lost or stolen. These four mobile device security best practices are general, but applicable to most devices and OSes.
Step 1 to mobile device security: Screen protection
Mobile device security starts by configuring appropriate screen protection. There are different options available, such as PINs, patterns and passwords. It doesn’t matter which protection method the user chooses, as long as one is in place. There is no way to protect data on a missing device if screen protection isn’t enabled in advance. IT can require the use of screen protection through Exchange ActiveSync or most enterprise mobile device management software.
After configuring screen protection, set a policy to protect against unauthorized access. The most common type of policy wipes a device’s contents after a specified number of failed password entries. This action guards against guessing attacks on some of the weaker screen-protection methods; for example, a thief will eventually guess a four-digit PIN after 10,000 attempts.
Encrypting enterprise mobile devices
To take data protection to the next level, it’s important to encrypt enterprise mobile devices. Encryption is vital, because a mobile device is a kind of computer that stores data in a file system on a disk. As such, there are several ways to access that data. For example, anyone can connect a mobile device to a Linux computer that offers support for all file systems ever created. When connected, the device acts as an external hard disk, and everything stored on the device becomes readable on the computer.
For some devices, it doesn’t even take a Linux computer to access data. Most smartphones automatically open when connected to a Windows 7 computer, so users can conveniently copy files to and from their devices. But it’s also convenient for the person who found or stole the device.
Encryption provides protection against these mobile device security threats. Only after entering the right PIN, pattern or password will the person connecting the device be able to access its data.
Improving mobile device security with remote wipe
Remote-wipe capabilities, which let users or IT delete data from lost or stolen devices, can add an extra layer of protection. Remote wipe is available on devices with SIM cards for 3G and 4G data networks, as long as the device is connected to the network.
For remote wipe to work, however, a device must be registered before it gets lost. Users can register their devices through the manufacturer’s website and sometimes through third-party security apps as well. Once the device is lost or stolen, it’s too late to register the device — and it could be too late to save the data.
In case of honesty…
Not all missing enterprise mobile devices end up in the hands of an evil-doer. An honest person could find the device, in which case it should be easy for that person to find the device owner (or the owner’s employer). Configure mobile devices to display these contact details before login. This information can help someone return devices to their rightful owners, while also preventing unnecessary remote wipes.
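The four practices above can be checked across a fleet before any device goes missing. The following is an added example, not part of the original article; the `Device` fields and the sample inventory are constructed assumptions and do not reflect any particular management product's schema.

```python
from dataclasses import dataclass

# Hypothetical inventory record; field names are assumptions, not an MDM schema.
@dataclass
class Device:
    name: str
    lock_type: str             # "none", "pin", "pattern" or "password"
    pin_digits: int            # length of a numeric PIN, 0 if not a PIN
    wipe_after_failures: int   # 0 means no wipe-on-failure policy
    encrypted: bool
    remote_wipe_registered: bool
    owner_contact_on_lock_screen: bool

def guess_odds_before_wipe(pin_digits, wipe_after_failures):
    """Chance that a random numeric PIN is guessed before the wipe triggers."""
    keyspace = 10 ** pin_digits
    if wipe_after_failures <= 0:
        return 1.0  # unlimited tries: the whole keyspace can be walked
    return min(wipe_after_failures, keyspace) / keyspace

def audit(d):
    """Return the practices from the article that this device does not meet."""
    findings = []
    if d.lock_type == "none":
        findings.append("no screen protection")
    elif d.wipe_after_failures <= 0:
        findings.append("no wipe after failed unlock attempts")
    if not d.encrypted:
        findings.append("storage not encrypted")
    if not d.remote_wipe_registered:
        findings.append("not registered for remote wipe")
    if not d.owner_contact_on_lock_screen:
        findings.append("no owner contact on lock screen")
    return findings

# Constructed sample inventory.
FLEET = [
    Device("phone-a", "pin", 4, 10, True, True, True),
    Device("phone-b", "pin", 4, 0, False, True, False),
    Device("tablet-c", "none", 0, 0, False, False, False),
]

if __name__ == "__main__":
    for d in FLEET:
        print(d.name, audit(d) or "ok")
    print("4-digit PIN, wipe after 10:", guess_odds_before_wipe(4, 10))
```

With a wipe after 10 failed entries, a four-digit PIN leaves a thief a 1-in-1,000 chance; without the policy, the same PIN falls to exhaustive guessing.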