How to Expand Mobile Device and Remote Work Security

Between work-related travel, a huge increase in WFH and telecommuting, and reliance on contracted workers, the mobile work world has virtually exploded. As if managing sensitive data wasn’t tenuous enough when everything was on-site, your team must now work to protect data around the world.

The Rise of Remote Work and Mobile Connectivity  

Even before COVID, many companies had employees who worked remotely for various reasons like business travel, being available to clients in different time zones who may operate outside of normal working hours, and special circumstances like maternity or paternity leave.  

It was most likely quite simple to keep up with maintaining the security of a handful of company-owned devices loaned out to a few remote employees for temporary periods of time. However, the fact is, COVID did leave its mark on the idea of remote work and how vital it is to ensure that day-to-day operations are sustained no matter where an employee may be located in the world.  

Now instead of a few remote workers, your company may have dozens or even entire departments that are now 100% work from home. This can make tasks like cyber security, data protection, and issuing company-owned IT equipment to employees a complete nightmare for your already strained IT staff. On top of that, not only does your company absolutely have to maintain SOC 2 compliance at all times, but now the task of doing so just got infinitely harder with all the additional work from home employees your company is managing.  

Also, some employees may be using their own personal devices to access work email, review company and client data, and complete work tasks. How can a business keep up with maintaining SOC 2 compliance while allowing their employees the freedom to work from home and use their personal devices?  

Let us take a closer look at some of the ways that businesses have been addressing the new challenges of securing their company data, the data of their clients, and maintaining 100% SOC 2 compliance.  

Top Ways to Ensure BYOD and Remote Work Security 

All you may see when you look at the ever-growing list of mobile device users in your workplace is more work for your IT team. By working with your executive and IT teams, you can develop, implement and enforce a tough, yet fair, mobile security strategy.

SOC 2 compliance is a requirement for many companies, as well as a sign of trust between a customer and an organization. If your company handles sensitive information, it is important that anyone who does business with you understands that you are doing everything possible to ensure that the information that they share with you is secure from data breaches.  

So, if you have employees that are working from home, working from the road, and sometimes even using their personal devices, how do you maintain a network that is not vulnerable to cyber-attacks and data breaches? Below are just a few ways you can keep data secure while setting your employees free into the world for maximum digital productivity: 

1. Develop a work from home and BYOD device policy. 

Now that the dust has settled and companies know that the work from home movement is likely not to be temporary, you will need to make sure that your company has a written work from home and BYOD policy in place that should be reviewed and signed by every employee. The policy should be developed by your IT department and it may want to include some guidelines for when an employee is using a device remotely to access the company network, email, or any data that belongs to the company or a client.  

Sometimes called a “governance model,” your mobile policy model will lay out all the rules involved with using a mobile device remotely. A solid security policy will help employees understand the risks of using their mobile device remotely, as well as the rewards. It may help for them to know that, without the proper precautions, accessing a client’s private data could end in disaster for everyone. Such a document serves as both a detailed explanation and an agreement that they must acknowledge and sign.

It should include, but not be limited to, the following:

  • Any device used to access company or client data should have all security patches, software, applications, and firewalls up to date. 
  • Always ensure that firewalls are operational and in use. 
  • If an employee is using a personal device for work purposes, they should not use the same device for accessing social media, messaging, making purchases, checking personal email, or anything non-work-related. 
  • Avoid clicking on anything that may seem like an attempted phishing attack.
  • Notify IT of anything that seems suspicious or if any issues arise that may seem like a breach has occurred. 

These are just some examples of items that your WFH/BYOD policy may want to include. However, it is up to you, your CIO, and your IT staff to customize a policy that is geared toward your business.

2. Fortify IT infrastructure.  

Anytime you have employees access company data remotely, you should fortify your network system through various access management tools. These tools can help to ensure that only authorized personnel on authorized devices are gaining entry to the network. It is also important for IT staff to monitor who is accessing the network and when. Stay alert to unauthorized access by being aware of which device is accessing the network, when, and whether there are any red flags or abnormal usage.

3. Secure employees’ computers and mobile devices. 

Any devices that are lent out to employees to be used for remote work, or any personal device that an employee intends to use for work-related activity, should be fortified as well. All remote devices in employee possession should be equipped with a Mobile Device Management (MDM) platform. An MDM platform allows your company’s IT and security department to manage any device that is remotely connecting to the network. This is true no matter what kind of operating system the device is running. The MDM can also securely give remote devices access to secure VPNs, password-protected applications, email, network data, and more without those devices having access to the entire system.

4. Use two-factor authentication. 

Two-factor authentication may not seem like a big deal, but it is extremely helpful in protecting against unauthorized access in the event a device is stolen, hacked, or otherwise compromised. Two-factor authentication could be something as simple as a key fob that generates a new PIN every 30 seconds or a text message sent to a company cellular device.

As we discussed before, it looks like the work-from-home lifestyle is here to stay. With the WFH lifestyle and the BYOD possibility that comes with it, come new risks and security concerns. One benefit of the WFH/BYOD workstyle is it can save a company money by not needing to pay for office space and not needing to purchase laptops, cell phones, and other electronic devices for their employees. However, what is a possible vulnerability when allowing BYOD on the network? 

5. Plan Regular Mandatory Mobile Usage Training 

Again, reinforcing the need for adherence to company safety policies is essential, and the more employees understand, the better they will comply. Employees can learn some of the specifics of your IT team’s daily tasks and new technologies, such as encryption, authentication and authorization controls. Additionally, it is critical to remind employees, and remind them often, to keep track of their phones, because the loss of a smartphone may mean the loss of valuable data.

6. Rely on Encryption. 

Whether the employee uses a laptop, mobile phone or tablet, encryption will slow the efforts of hackers—if it doesn’t stop them altogether—if a phone or laptop is stolen or lost while out of the office. 

7. Shield Back-End Infrastructure 

Use access management tools to make sure only authorized devices and users can tap into your company’s data, regardless of whether you use in-house data storage or software-as-a-service solutions. Monitor and block unauthorized access based on the device and user security posture. 
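One way to express a posture-based access decision is shown below, combining the controls this article lists (MDM enrollment, firewall, encryption, current patches, second factor). It is an added example, not from the original article; the field names, the 30-day patch threshold and the inventory records are constructed assumptions.

```python
from datetime import date

MAX_PATCH_AGE_DAYS = 30   # assumed threshold; set by your own policy
REQUIRED_FLAGS = ("mdm_enrolled", "firewall_enabled", "disk_encrypted")


def evaluate_posture(device: dict, today: date) -> tuple[bool, list[str]]:
    """Return (compliant, reasons). Missing or malformed attributes fail closed."""
    reasons = []
    for flag in REQUIRED_FLAGS:
        if device.get(flag) is not True:
            reasons.append(f"{flag} not confirmed")
    patched = device.get("last_patched")
    if not isinstance(patched, date):
        reasons.append("last_patched unknown")
    elif (today - patched).days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"patches {(today - patched).days} days old")
    return (not reasons, reasons)


def authorize(user: str, device_id: str, mfa_passed: bool,
              inventory: dict, today: date) -> tuple[bool, list[str]]:
    """Gate access on the user's second factor AND the device's posture."""
    device = inventory.get(device_id)
    if device is None:
        return False, ["device not in inventory"]
    reasons = []
    if device.get("owner") != user:
        reasons.append("device not assigned to this user")
    if not mfa_passed:
        reasons.append("second factor missing")
    compliant, posture_reasons = evaluate_posture(device, today)
    return (compliant and not reasons, reasons + posture_reasons)


# Constructed inventory records, in the shape an MDM export might take.
INVENTORY = {
    "laptop-01": {"owner": "alice", "mdm_enrolled": True, "firewall_enabled": True,
                  "disk_encrypted": True, "last_patched": date(2024, 5, 20)},
    "phone-07": {"owner": "bob", "mdm_enrolled": True, "firewall_enabled": True,
                 "disk_encrypted": False, "last_patched": date(2024, 3, 1)},
    "tablet-03": {"owner": "carol", "mdm_enrolled": True},  # incomplete record
}
```

Returning the reasons alongside the decision gives IT staff a record of why a device was blocked, which supports the monitoring described above.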

What Vulnerabilities Are Created when Allowing BYOD on the Network? 

Having your employees use their own devices for work can save a company money, but what are the risks? The most common BYOD risks include data theft, malware, and lost or stolen devices. Any one of these possibilities opens your company and its data up to vulnerabilities.

This is where having a Mobile Device Management program installed on every device, whether it is company-issued or BYOD, can help to reduce vulnerabilities. At the same time, it gives employees the freedom to work from home and to use their own devices.  

Call for Reinforcements to Help Keep Your Data Secure Anywhere, Anytime 

Whether you need help developing your information security policy or analyzing your incident reporting and response system, I.S. Partners, LLC can help you feel confident in your data security in the mobile world. Reach out and request a consultation.
