Most people know it's a good idea to have security and anti-virus software on their computers and servers. But with mobile devices used widely for business, do they need security software too?
Mobile security is complex
Unlike with your company PC, it's not a given that you need security software on mobile devices. While it does offer protection against some mobile threats, it's useless against others. This article will help you understand the issues, but it may be wise to consult a knowledgeable IT supplier if you need further help.
The problem is that mobile security is a complex issue. Malware and viruses - which security software can protect against - are not the most serious threats you face. Although growing, the chances of infection remain low. You're far more likely to suffer data loss by having a mobile device lost or stolen.
Your first priority should therefore be to take some basic mobile security steps, like:
- Making sure all your mobile devices require a passcode (or fingerprint) to be entered before people can access data or functions.
- Implementing a free service like Find My iPhone (for Apple devices) or Android Device Manager (for Android devices)
- Setting up remote wipe, so you can erase the data on a device if it's lost or stolen. Find My iPhone and Android Device Manager offer this option.
- Backing up the data on your mobile devices. The data on them - including your contacts and files - may be more valuable than the device itself.
- Once you've taken these steps, you can consider whether mobile security and anti-virus software has a role to play in keeping your devices, and the data on them, safe.
- Setting up two-factor authentication on your user ID, which adds an additional layer of security when using any device to which it is linked. This feature is available for both Apple and Google.
Walled garden or open to all?
Some mobile operating systems are more vulnerable to malware than others, so this is a key factor in deciding whether to use security software:
- Devices running Apple's iOS (like iPhones and iPads) and Microsoft's Windows Phone (most often made by Nokia) are less susceptible to malware, because they take a ‘walled garden' approach to apps. You can only install apps from official app stores, and each is checked for malware. These operating systems are also tightly controlled by Apple and Microsoft. When a security problem is identified, it's usually fixed quickly.
- Devices that use Google's Android operating system (there's a huge range) are more susceptible, because Google allows developers to freely create and offer apps outside of the official app store. They can even access and modify the Android software itself. Although Google does fix Android vulnerabilities promptly, many devices have custom versions of Android that don't get updated so quickly.
The case for security software is certainly stronger for Android devices, as they have fewer built-in checks to block malicious apps and downloads.
Are your mobile devices locked down?
Another factor to consider when evaluating whether you need mobile security software is how much control employees have over their mobile devices.
Mobile device management (MDM) software allows you to manage the devices in your business via a central control panel. For instance, you can restrict staff from installing their own apps or limit how files are shared.
If your company owns the mobile devices its staff uses - and they are used only for business - MDM software is a powerful way to lock down those devices. And if your mobile devices are tightly locked down then there's less of a need for separate security software, because the restrictions make problems less likely.
However, if your company has embraced bring your own device (BYOD), with staff using their own mobile devices at work, it's harder to restrict what they can and can't do. In this kind of situation, mobile security software has a greater role to play.
Protection from rogue apps and other threats
One area in which security software can be effective is in protecting against rogue apps. These mobile apps aren't strictly malware or viruses, but use underhand methods to trick you into sharing important data.
For instance, an app might ask to access your address book, relying on the fact that people usually grant permissions without fully understanding the implications.
The app could then harvest and use this data. Names, addresses, phone numbers and email addresses are valuable to online criminals because they can use them to create convincing fake emails or simply sell them to other scammers.
Many mobile security packages include protection against threats like these, as well as blocking fake phishing emails and websites. These are increasingly aimed at mobile users because when they're on the go, people often respond without stopping to think.
So, how do you know for sure?
As you've seen, mobile device security can seem complicated. What's more, this is an area that's changing fast. We're still learning how to best use mobile devices in business - and we're still learning how best to protect them, too.
However, a good place to start is with the three elements we've covered:
- Do your mobile devices run Android? The open nature of this operating system makes it more vulnerable to threats, so it may be wise to consider mobile security software.
- How much control do you have? The more you restrict what staff can do with their devices, the less vulnerable you are. Of course, greater restrictions make it harder for staff to get things done.
- What data is on your devices? If you're working with sensitive information like customer data and payment details then security software may help protect it. You also have legal obligations when it comes to data protection.
Finally, remember that your people have a big role to play in ensuring you use mobile devices safely. The more they understand the dangers and risks, the lower the chance of your running into problems.