Small business owners are keenly aware that protecting their assets is a top priority. Unfortunately, many entrepreneurs have a blind spot when it comes to cybersecurity. Some SMB owners believe they are unlikely to be the target of hackers specifically because of their size; they assume hackers are more likely to target bigger enterprises with more information available to steal. Research does not support this idea, however. In fact, according to Verizon's 2019 Data Breach Investigations Report, "43% of breaches involved small business owners."
In addition to storing sensitive information on laptops and desktops, today's small businesses rely heavily on mobile devices, like smartphones, to get work done. Business smartphones, either provided by the business or the employee, are used for a range of commercial operations: inventory control, customer relations, advertising and marketing, banking and more. As such, they become repositories for valuable data that can be targeted by hackers and malware. Taking the appropriate precautions to protect data is much like investing in an insurance policy, and most of it comes down to instilling best practices across your business, not investing in expensive products.
Here are 10 simple ways to keep your small business's smartphone data secure.
1. Update your OS and apps promptly.
Most people are guilty of postponing or ignoring operating system updates and app updates, but doing so on a regular basis can open you up to a data breach. Hackers know how to identify and exploit vulnerabilities in systems; as those vulnerabilities become known to the company behind the software, it issues updates that increase security and eliminate weaknesses. The longer you wait to update your phone or laptop, the more out of date your systems are, making you an easier target for hackers.
If your small business utilizes a BYOD (bring your own device) policy, establish a training and awareness program for your employees. Make sure your staff understands that they are expected to take reasonable security precautions when using their smartphones and tablets, including running regular updates and being discerning about app downloads.
2. Lock your devices.
Sure, it's a lot easier to keep your phone unlocked all the time because you can get to your email, camera, texts, and other features more quickly, but just think how you would feel if a stranger found your phone on a bus seat or in a coffee shop and could just tap on your business apps, contacts, and even banking information. If your phone contains client information, you could even end up in the embarrassing position of informing your clients that their data has been compromised, essentially due to negligence.
To prevent that from happening, always engage the four- or six-digit passcode – or set up a longer alphanumeric code – so that if you ever lose track of your phone, it won't open your entire business to a stranger. Utilizing fingerprint scanning and facial identification is also an excellent option, as it's faster and easier than memorizing an unlock code. Also, be sure to password-protect all mobile apps that contain personal data, such as banking, email and your Amazon account. Don't use the same password for all your accounts, and change your passwords occasionally for good measure.
3. Utilize mobile device management, small business style.
If a work phone gets lost or stolen, you can contain the damage using basic smartphone features. Both Apple and Google offer find device services, such as Find My iPhone and Android's Find My Device, that can locate your phone on a map and automatically disable it. These services can also make your phone ring, either alarming the thief or just locating a phone you have temporarily lost track of. You can even arrange for the phone to delete all information after five to 10 false passcode tries.
For small business owners who want more control, affordable mobile device management software is a good option. If your business currently uses Microsoft Office 365, you should already have access to MDM features through Mobile Device Management for Office 365. There are also stand-alone MDM products like AirWatch's Workspace ONE (a VMware product) and Hexnode, but although they offer SMB solutions, Office 365's MDM is far more suitable for most small business owners.
4. Use Wi-Fi and Bluetooth wisely.
Most people don't think twice about jumping on a free public Wi-Fi connection, but people operating devices with sensitive business information on them should exercise caution. Business travelers often use hotel or conference center Wi-Fi. In general, this is an OK practice, as businesses like reputable hotels and event venues have a vested interest in maintaining the security of their Wi-Fi users. However, free public Wi-Fi in areas like shopping centers, cafes, airports, parks or gyms is often far less secure.
Try to use only your private cell connection whenever possible and switch off Wi-Fi on your mobile phone whenever you are in a public place. And, of course, do not sign on to unencrypted open networks. If that is not possible, consider using a VPN, but choose carefully, as not all are created equal. A VPN tunnels your network traffic through an encrypted connection to a server based in another location. Unless you are wearing a smartwatch that requires a Bluetooth connection for functionality, it's also a good idea to disable Bluetooth when you're out and about.
5. Use two-factor authentication wherever possible.
Two-factor authentication (2FA) is one of the least-favorite security options around because, as the name implies, it requires an extra step. However, it offers another solid barrier to accessing your private information, and two-factor authentication is much easier to use now (thanks to biometric scanners and save-password features) than it used to be.
6. Manage app permissions.
Check the apps on your phone to determine whether they have more privileges than they need to get the job done. You can grant apps permissions like access to the camera, the microphone, your contacts and your location. Keep track of which permissions you've given to which apps, and revoke permissions that are not needed.
For iPhones, go to Settings and tap on Privacy, where you'll see a list of all permissions and the apps you've granted them to. Android users can find app permissions in the Application Manager under Device > Application in some Android versions.
7. Ignore spam and phishing emails.
One of the easiest ways for hackers to access your company's information is through your employees' email inboxes. Even major corporations have suffered breaches due to phishing scams. Incorporate email security training as part of your basic onboarding procedure, and make sure employees are aware that they shouldn't click on links in promotional emails, open suspicious attachments or run updates that are prompted through email (including those that say they come directly from a company, like Microsoft).
Make sure employees understand company policy. For example, let them know that your business will never ask them for personal information or send them links regarding their 401(k) accounts and that if they see such emails, they should assume they are fraudulent. If they want to cross-check their accounts to make sure their 401(k) or other sensitive information is OK, tell them to go directly to the financial institution's website and log in to their accounts there, rather than clicking on a link in an email.
8. Back up your data.
Bad stuff happens, but don't compound the problem by not being prepared. Always back up your data. This is a general good practice, and it protects your important documents and images in case of any loss.
For an Android phone, make sure "Back up my data" and "Automatic restore" are enabled in the settings and then sync your data with Google. For an iPhone, choose your device in the settings and then back up to iCloud.
9. Use an antivirus app.
Hackers typically use malware to steal passwords and account information. There are plenty of smartphone antivirus apps — some of which are linked to companion desktop apps. These provide enhanced security by ensuring apps, PDFs, images and other files you download aren't infected with malware before you open them. Antivirus apps like Avast, McAfee and Panda can halt such threats.
10. Know where your apps come from.
Don't just download any app to your phone. While iPhones only run apps from Apple's App Store, which vets all apps sold from the platform, standards are not quite as high on Android. The Google Play Store has made progress in ensuring its apps aren't running malware, but the Android platform allows installation from various, less-regulated environments. The best way to avoid malware on Android is to stick with the Google Play Store, unless you are sure you can trust an independent app from somewhere else.
Your smartphone is now a critical extension of your business, not just a novelty or convenience. Its tiny footprint often makes it easy to lose or misplace, or a target of theft. Should disaster strike, your preparation in protecting your privacy and assets will spell the difference between a relatively minor financial loss and a complete disaster.
Built-in mobile device management features, like those in Office 365, give small business owners unprecedented control over the devices their employees use. Take advantage of the security features you already have at your fingertips, instill good security habits in your staff, and, if necessary, purchase additional security software. There is no single solution to secure your smartphone from hackers; the key is to follow as many best practices as you can, as often as you can, to keep your bases covered.
Additional reporting by Jackie Dove.