Mobile Security Tips Every CEO Should Know

Every CEO knows they must have mobile-specific security policies to reduce security risks, particularly among those who bring their own devices to work; but how many CEOs are spearheading the direction of those policies, or even understand what their company’s policies are?

Though a recent study from Dell and Intel revealed desktop-based devices are still the primary technology tool in the workplace, their prevalence has steadily declined. In fact, nearly 40% of workers surveyed said that they favor mobile devices and the bring your own device (BYOD) policies that many corporations now incorporate to accommodate mobile users.

To ensure that your company’s mobile policies are keeping up with the rapid change in mobile connectivity, here are key mobile security tips all CEOs should have implemented into their corporate policies:


1. A BYOD policy. At minimum, your business’s BYOD policy should outline the information employees are authorized to access from their mobile device and what’s not allowed, and state what kinds of mobile connections and/or user-initiated downloads are authorized for business use. For example, the BYOD policy should state that accessing sensitive business data via an unsecured Wi-Fi “hot spot,” like those commonly found in airports or Starbucks locations, is prohibited.

The BYOD policy should also outline the measures employees are expected to take for establishing and updating appropriate passwords, and for keeping mobile software up to date. Regardless of device ownership, the policy should mandate that employees allow your business to remotely “wipe” the contents of any mobile device used for business in the event of suspected security risk, whether external (in the case of a lost or stolen device), or as a result of employee termination.

2. Vendor encryption standards. The prevalence of corporate data breaches underscores the need for business leaders to remain vigilant about the level of encryption their organizations use internally, along with the need to command encryption standards for vendors. Work with your CIO to ensure that any third party who provides solutions for your business meets your company’s encryption standards. We recommend AES 256-bit, or FIPS 140-2 within their own applications. These are considered the “gold standard” of encryption.

3. Don’t assume your staff will maintain security. Your BYOD policy can outline acceptable use policies; however, device management is no longer a sufficient means of ensuring your business’s mobile security. Mobile devices are as vulnerable to potential malware and viruses as desktop tools if the proper protections are not in place. Consider investing in business-wide installation of an appropriate security application like Norton on all mobile devices as standard policy for any employee bringing a mobile device into the workplace. Though taking this extra measure will require an investment, it is far less costly than the risk you bear if an employee disregards the BYOD policy on a device that isn’t secure.

4. Strategize with your IT team about how to spot vulnerabilities. Mandate password changes that occur every 30 or 60 days, and ensure your IT team is conducting a “sweep” of passwords to ensure employees are following policy.

Mobile devices in the workplace can give employees the flexibility they need to stay connected to work, at any time and from anywhere. While such access can enhance productivity, it also requires that corporate leaders remain proactive about ensuring that the appropriate internal controls are in place and practiced, to secure sensitive enterprise-level and employee data.

