Everyone is familiar with the ways in which your data is at risk – device theft, accidental sharing or malware attack. IT departments work hard to incorporate best practices and data loss prevention (DLP) strategies to reduce the risk. Adding to the challenge however is the growing number of employees that bring their own devices to work, regardless of whether or not it has been approved. As a result, IT’s job has become increasingly difficult.
Below you will discover five ways to better manage mobile security and prevent data loss.
1. Backup Data Regularly – While this seems to be a given, it is important to be reminded that data backups should occur regularly. Furthermore, backup files should be tested to ensure they work properly in case of a recovery effort.
2. Educate Staff – Teach (and remind) your employees about security through explicit example. When they understand what’s sensitive and confidential they’ll work to protect it. Also, don’t hesitate to stress the consequences of a breach such as a damaged reputation, loss of revenue, regulatory fines and risk of personal safety.
3. Classify Data – Develop and implement a classification standard that contains broad categories for how to define and treat information. Incorporate classification as one of your policies and procedures (see heading below).
Some examples of classification codes include:
Top Secret, Secret, Confidential
Highly Sensitive, Sensitive, Internal, Public Documents, spreadsheets, emails, operational documents, marketing collateral, etc. must all be classified to ensure water-tight security. The challenge comes when some of these documents become re-purposed. Make sure you have a re-classification strategy in place too.
4. Develop Policies – Ensure your data security policies are up-to-date (or even existent for that matter). Specify procedures for creation, access, use, transmission, storage and destruction of information in different environments (i.e. devices, systems, networks and applications).
5. Install Mobile DLP Software – Security vendors such as Symantec, McAfee and Websense have developed products that allow for mobile user monitoring. Capabilities include:
Viewing data a mobile user accesses and/or downloaded from a corporate server.
Preventing emails, calendar events and tasks from synchronizing with a device.
Preventing business information from being transferred and stored on a mobile device.