Protect Information with Mobile Security Best Practices


Proven strategies can save hundreds of thousands of dollars

With the ever-increasing prevalence of work-from-home and hybrid working models, employees are more apt and even encouraged to handle potentially sensitive corporate information while working on mobile devices. With the continued rise in cyberattacks and material breaches, increasing 15.1% and 24.5%, respectively, YoY from 2020 to 2021 [1], and mobile devices containing a treasure trove of valuable data, it behooves organizations to mandate strict mobile security protocols. However, 52% of surveyed companies said they’ve succumbed to pressure to sacrifice mobile-device security to “get the job done.” [2]

Continuing Exact Market’s Cybersecurity Awareness Month series, below are mobile device security best practices that organizations should follow to ensure their information is secure no matter where their employees work.

Best practice #1: Alphanumeric mobile device password

Employees use email (Outlook, Gmail), communication (Slack, Teams), productivity (Word, Google Slides), CRM (Salesforce, HubSpot), management (Jira, Asana), and a slew of other applications when working from their mobile devices. Those applications contain reams of valuable documents and figures that make ripe targets for corporate espionage and ransom. If an employee’s mobile device is stolen, sometimes the only protection separating the thief from potential access to the inner workings of an organization’s operations and secrets is the device’s password, which the thief may be able to break instantaneously.

Therefore, it’s paramount that any mobile device containing corporate information is protected by a strong password of at least ten characters that contains a combination of uppercase letters, lowercase letters, numbers, and special characters. According to research by Hive Systems, a consumer-budget hacker using a desktop computer with a top-tier graphics card can brute-force all 6-character passwords of any combination instantaneously. However, a 10-character, alphanumeric password will take five months to break, and an 18-character, alphanumeric password will take 438 trillion years. [3]

Best practice #2: Password manager

To effectively work remotely in today’s heavily information-driven economy, employees usually rely upon dozens and sometimes over a hundred different SaaS applications. According to research by Productiv, the average midsized company operates 238 SaaS apps, while the average larger enterprise has 364 SaaS applications. [4] With each application typically requiring a dedicated password, many employees are likely to cycle through a limited set of basic passwords (birthdays, pet names, favorite TV shows or sports teams, etc.), resulting in many applications having identical login credentials.

One efficient way to better ensure that employees have unique passwords for each of their applications, and thus have more advanced protection when using these apps on their mobile devices, is to mandate that employees use password manager programs. Password managers auto-generate strong passwords for each application the employee uses and store the passwords in a program that employees can easily access with a single strong password. Whether delivered as a SaaS product or built into a trusted web browser, password managers are easily adopted by employees and deliver an added layer of security.
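The password policy from best practice #1 and the auto-generation step described above can be sketched together. This is an added example, not code from the article or from any particular password manager; the function names and the default length of 18 are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes required by the policy in best practice #1.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 10  # minimum length stated in the article


def missing_requirements(password):
    """Return the policy requirements this password fails (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


def generate_password(length=18):
    """Generate a policy-compliant password from the OS CSPRNG (hypothetical helper)."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets.choice draws from a cryptographic source, unlike random.choice.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry until all four classes are present, so
        # every compliant password remains equally likely.
        if not missing_requirements(candidate):
            return candidate


def search_space_bits(length):
    """Upper bound, in bits, on the search space for a random password of this length."""
    alphabet_size = sum(len(chars) for chars in CLASSES.values())  # 94 symbols
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample inputs: a pet-name style password and a fresh random one.
    print(missing_requirements("Fluffy2015"))
    print(missing_requirements(generate_password()))
    for n in (6, 10, 18):
        print(n, "characters:", round(search_space_bits(n), 1), "bits")
```

Each extra character adds about 6.6 bits, so the guessing work grows by a factor of 94 per character, which is why the crack times quoted above climb so steeply with length.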

Best practice #3: Multi-factor authentication

Multi-factor authentication is a security protocol in which your employees are required to provide at minimum two different authentication factors to verify their identity before they can access an application or account. The first authentication factor is usually a username and password combination. The second factor can be a user-generated security token, an autogenerated password sent by text message or email, or a biometric authentication.

Mandating that employees place an additional security layer on top of any application that they’ll access while working from their mobile devices helps to protect accounts containing sensitive corporate information from becoming compromised by brute force hacking and phishing attempts.

Best practice #4: Work on a secure network

You must train your employees, and constantly reinforce, that when working outside of the office they must use a secure network connection. Working on a public Wi-Fi network, like at the airport or a coffee shop, exposes employees to a higher risk of malware infections and of hackers intercepting corporate communications and information. Setting up a virtual private network (VPN) and mandating that employees working from mobile devices can only access specific important applications (email, messaging) while connected to the VPN helps to further keep their connections secure and your company’s information safe.

  1. ThoughtLab. “Cybersecurity Solutions for a Riskier World.” May 2022
  2. Verizon. “Mobile Security Index 2022.” April 2022
  3. Corey Neskey, Hive Systems. “Are Your Passwords in the Green?” March 2022
  4. Productiv. “The State of SaaS Sprawl in 2021.” September 2021