Today in the Evolve IT Lab, Lachie and Ben discuss the risks of mobile devices in your workplace. Are your employees using their personal devices to connect to the corporate email or network? You may need to watch this video.
CEO's, CFO and organisation decision-makers should regard an employee personal smartphone as company IP. You don’t want this information getting breached.
Watch our event on the data breach laws
Lachie: Good day, guys, and welcome back to Evolve IT Lab. My name is Lachie, and we've got Ben from SOPHOS. Welcome back, Ben.
Ben: Thanks for having me again.
Lachie: Guys, today we're gonna be assessing mobile security and the risks of a mobile device within your organisation. And we're gonna be asking Ben a couple of questions about how you can...the risks, and how you can avoid, and how you can reduce those risks. So Ben, what are some of the risks a mobile device does have or has on a organisation?
Ben: Absolutely. So the biggest thing is email. So most organisations will have personal devices to receive corporate email, so you need to think if, say, someone loses their phone [inaudible 00:00:41] the train, and someone picks that phone up, they can essentially have access to contacts, they can look at emails, they can, say, look at a month worth of emails. There's no real limit to what they can do based on that, and it's really a good way to gain reconnaissance into an organisation.
Lachie: Yeah, right. And with the data breach laws, it's gonna be a...I guess, it's a more hefty fine if people do pick up that mobile device and gain access.
Ben: Yeah, absolutely.
Lachie: So what are some of the things you should avoid when it comes to mobile devices?
Ben: Absolutely. So, essentially, like, look at mobile security holistically, and maybe look at implementing a system to manage those devices, not allow all the devices onto your network because they do impose a risk to be breached. And there's also, like, best practices. So look at PIN numbers, for example. PIN numbers are a really easy way to stop an attacker from gaining access to your device should you lose it. Just simple little things to secure that data.
Lachie: Things like...I know the latest technology has, you know, scan your face to access your phone, and your fingerprint and stuff, is that better security than PIN numbers or...?
Ben: Well, it makes life easier. It's not necessarily better because there's always a PIN number in the back end as well. So if you, say, lose or you reuse PIN numbers and someone's actually trying to target you, that PIN number will probably always get back into that device if you are being targeted or... But there's a lot of things you can opt to do.
Lachie: Yeah, right. Cool. So ensure that your phones and mobile devices are up-to-date with the latest software. Yeah. Make sure you select a secure password. That's just a couple of things that you can do today to help protect your mobile devices.
Ben: Yeah. Probably containerisation's the last thing to look at, and again, it's something that's a little bit more outside of the box but actually moving all of that corporate data into a secure enclave on that device.
Lachie: Great. Great idea. All right guys. Thank you, Ben.
Ben: Thank you.
Lachie: And thank you everyone for watching. We'll see you next time.