The Dos and Don'ts of Security in Today's Mobile Workforce
It's likely that you'll have your personal device at work. It's also likely that your personal device may serve as your work device. Welcome to the mobile workforce.
In the past year, security threats have become more sophisticated and more rampant, creating a challenge for older security technologies which tend to be more reactive than proactive. The volume of attacks keeps growing exponentially. Mobile device attacks in particular have grown by over 1,000%. With the proliferation of mobile devices and the increasing demand from millennials for flexibility, bring your own device (BYOD) policies are becoming mainstream with almost every employer. As a result, cybercriminals are targeting workers regardless of their location or device platform. Whether an insider threat like Edward Snowden or cybercriminals overseas, hackers are finding new, innovative ways to infiltrate networks and systems.
Keeping best practices in mind, here are some dos and don'ts for mobile security in the workplace:
Do:
Leverage multi-factor authentication – Using a lock screen that requires a password isn't enough. In addition, use biometrics (a thumbprint) if your phone supports it, and then use a second method of authentication such as a long password.
Update your applications – Smartphones can be exposed to more vulnerabilities simply because the apps on the device become out of date. Put policies in place to update apps as soon as updates are available, and make sure you have the most recent version on your device.
Educate your employees – Understanding the different elements of mobile device management and BYOD is vital. Oftentimes, users who compromise a network are unaware of the security implications and risks they pose to the company. It's important that you educate employees and that this education comes from all levels. HR departments, executives and IT managers should work together to increase awareness in the workplace.
Create a usage policy – If you or your employees are using a personal device at work, see if there is a usage policy in place, or work to develop general guidelines. Check to see what policies are in place on your laptop and implement them on your mobile device as well.
Don't:
Connect to public Wi-Fi – Avoid connecting to Wi-Fi hotspots and use your cellular network connection instead. Wi-Fi networks are much less secure and are vulnerable to hackers aiming to compromise your data and connection.
Install apps from untrusted sources – With devices that contain corporate data, be mindful of the personal data you store on the device. Data from third-party sources will naturally create more vulnerabilities. Easy precautions, like only obtaining new apps from Google Play or avoiding installing applications from third-party markets, help minimize the chance of encountering malware. Adware and other potentially unwanted applications (PUAs), on the other hand, are a bit more prevalent in free apps. These applications track and store user data, display pop-up and push advertisements, bog your phone down and more. The paid version of a free app will exclude this undesired functionality.
Download media on the network – Streaming music and downloading movies or images slow down the network and can cause additional risk and liability to the business. Additionally, avoid using social media apps if you are on the corporate network.
At the end of the day, there is no "one size fits all" policy or approach to mobile device management. Users should take advantage of security solutions available to them. Be smart about cybersecurity and take a proactive approach to protecting your devices and personal information.
Grayson Milbourne is the security intelligence director at Webroot. Over the past ten years Milbourne has worked in various areas of the company, spending the past eight years focused on threat analysis. His areas of security intelligence expertise range from mobile to reversing to automation to cloud security.