Cybersecurity in your pocket
Data security is fast becoming a litmus test for responsible businesses. Metro Communications offers five simple steps to reducing the vulnerability of mobile devices
It is often said that there are two types of company, those that know they’ve been hacked and those that don’t. Perhaps a more significant distinction is between those that protect sensitive data and those that are caught in the headlights.
Businesses have a legal duty to protect data. Indeed, under new data protection rules, organisations that handle personal data are expected to put in place an information security policy that includes safeguarding against cyber attacks. Yet a recent UK government survey found that while 43 per cent of businesses had experienced a recent cyber breach, just 27 per cent had developed a coherent security policy.
Mobile devices are a key area of vulnerability. These pocket computers are our constant companions, our bridge to personal and business relationships. But they are also location trackers, listening devices and data hoarders which can easily be lost, stolen or hacked.
So, what can businesses do to protect sensitive mobile phone communications?
- Keep apps and operating systems updated: This basic advice is often ignored, possibly because the constant stream of reminders can make us feel like we are being nagged. However, these updates are often intended to correct or ‘patch’ security issues that could compromise your communications. Keeping devices and software up to date is one of the five Cyber Essentials set out by the UK government. If you don’t have a digital security policy, Cyber Essentials is a good place to start.
- Manage ‘bring your own’ devices: Government data suggests that 45 per cent of businesses allow staff to use their own phones for work. Research shows that where this happens, data breaches are much more likely. It may be worth looking at mobile device management (MDM) platforms that can effectively cordon off and secure business data and delete sensitive corporate information when a staff member leaves. A recent review of the best MDMs by PC Magazine is available online.
- Don’t forget your ‘metadata’: Some widely used apps give a sense of security because they encrypt message content. However, your metadata – which includes your location, the date and time of calls and messages, your mobile phone number and the numbers of whoever you contact – is still accessible. Consider using business-grade apps that not only secure the content of your calls and messages, but also guarantee that nobody outside of your organisation can access your metadata. Some business apps also include a ‘message burn’ feature which deletes sensitive data on request.
- Choose validated apps: Always download apps from a trusted source such as the App Store or via a MDM platform (see above). Apps certified by an independent third party such as the National Cyber Security Centre provide reassurance that you are downloading a programme where secure coding practices have been used and encryption has been done correctly.
- Improve your cyber-security intelligence: There’s more to security than encryption. Hackers can take advantage of holes in your operating system’s security fence, scale the fence or show a fake pass and get waved through the door. Prevention is always better than cure. Your IT team must stay up to date on the latest threats by accessing the weekly and annual threat and vulnerability reports issued by the National Cyber Security Centre.
Data is currency, and data security is fast becoming a litmus test for responsible businesses. The real challenge is not simply to avoid GDPR fines but to preserve business health and continuity by protecting sensitive information through a measured and thorough approach. If your cybersecurity policy includes stable doors and bolting horses it is high time to think again.
For more advice about how to protect your mobile phone conversations, contact Metro Communications.