Smartphones are not too risky for most small businesses. Viruses don’t spread through smartphones the same way they do through computers. But no technology is perfect. As I see it, smartphones present three main risks:
- Malware from sketchy apps.
- “BYOD” (“bring your own device”) using personal phones for work.
- Loss or theft of company-owned or BYOD phones.
Fortunately, even the smallest businesses can reduce those risks. That’s good news because today some businesses can be run entirely by smartphones. We rely on them at All Net. Here are some steps I recommend to keep smartphones safer.
Malware, short for “malicious software,” can infect apps you download to your phone. Then it can record your keystrokes, take over your phone’s camera or GPS or steal sensitive data. Steps you take to prevent malware depend, first, on your phone’s “operating system,” or OS, is a program that keeps all the apps on your phone working. You have just two OS choices for your smartphone: Apple’s iPhone system (iOS) or the Android system (for all other phones). The two systems require different security measures. I always recommend accepting the updates offered by the OS, whether it is your phone, tablet or computer.
Apple iOS Security
Apple’s iOS is inherently more secure, in theory, because it was designed to be inaccessible. Apple controls the apps that can be installed on its phones. That doesn’t mean iPhones are perfect, but the general consensus is that you do not need anti-virus software on an iPhone unless—and this is important—the iPhone has been “jail broken.”
Tech-savvy people can “jail break” an iPhone to install unauthorized apps, remove pre-installed apps or otherwise modify iPhones. Jail breaking voids warranties, and many companies won’t provide support for such phones. Businesses should never jail-break iPhones. They also should prohibit use of jail-broken personal phones used for company business.
Android phones initially were less secure—again, in theory—because anyone could create apps to run on the Android OS, and apps can be infected with malware. However, Android has been doing a better job monitoring and securing their app store.
Android phones are still more open than iPhones, but there are free malware scanners available from Avast, AVG or service providers like AT&T and Verizon. (I use AT&T Mobile Security.) I recommend using security applications for Android phones to ensure that installed apps are safe.
“BYOD” (“bring your own device”) smartphones are personal phones owned by employees but used for business. This practice can save a small business money, and some employees like them for their convenience. (They only have to carry one phone.)
The downside is, BYOD phones store personal AND company data. This data can include emails, text messages and more, so the risk becomes a two-way street. Companies have less control over who uses a BYOD phone and what apps are downloaded on it. In turn, if a company’s system is compromised, personal data on a BYOD phone could be compromised.
Typically, a business can use software to disable work-related apps from a BYOD phone if an employee leaves the firm. Some systems, like Exchange, also can delete downloaded files from these phones. Large enterprises often use Mobile Device Management (MDM) to wipe company data but it is often too expensive for a small business to implement. Microsoft now includes Intune Mobile App Management with Microsoft 365 Business Premium that is a very affordable method to control company information on smart phones. We use this at All Net.
Any phone used for business should be password or biometrically protected with “auto screen lock” turned on. BYOD users also should avoid saving passwords to business and financial apps on their phone. Some of these apps send a message to your phone for Two Factor Authentication and if you save the password the bad guys just need to guess your PIN.
LOSS AND THEFT PROTECTION
This threat is obvious. Smartphones are smaller than computers, so they are easier to lose and easier to steal.
Businesses and BYOD users should enable a phone-tracking account with Google or Apple. There are other services you can use, too, including tracking apps companies can install on personal phones. These services can be activated if the phone is lost or stolen, but do practice using them before you need them. A personal identification number (PIN) might keep a criminal out of your smartphone for a while, but a phone-finding service can locate the stolen phone, take a picture of the bad guy and wipe the data. Google will even send you an email of the location of the phone if an incorrect PIN is entered.
THE BOTTOM LINE
Technicians at All Net would be lost without their smartphones, and they use them in ways I never imagined. They collaborate with Microsoft Teams and stay in touch with emails, text messaging and videoconferencing. They connect remotely to computers to troubleshoot for our customers. They use smartphones to snap pictures of equipment, including model and serial numbers, to share with other support personnel. Smartphones help them respond quickly to customers from wherever they are. A few simple precautions make the process much safer.