(See part one of this series on cell phone security here.)
If one of the highest risks to the security of a bank account is a lost phone, rather than hacking or fraud, it makes sense that businesses should take security on employee cell phones extremely seriously. Even if an employee doesn’t access online banking on behalf of the business, other sensitive data and accounts can be exposed.
Here are ten ideas to consider:
KEEP DATA SECURE
1. Provide employees with company phones that already have a trio of protection measures installed: (1) a password manager app, (2) keyboard lock password protection with a corporate-assigned password, and (3) remote wipe capability in case of loss, theft or employee termination. A corporate phone may not be appropriate or possible for all types and sizes of companies, or all levels of employees – but for those handling sensitive data where security is a high priority, it’s essential.
2. If phones aren’t provided, give all employees a written company phone security policy and software recommendations. For new employees, it can be part of a welcome packet. If making phone software and app recommendations, consider including antivirus software, which blocks suspicious links and potential malware.
Interested in samples of what others use for their company policy? A quick Google search for “corporate phone security policy sample” will bring up versions to peruse.
3. Make password protection measures mandatory for all devices used on behalf of the business, along with best practice measures for creating those passwords. A four-to-six-digit PIN can be hacked fairly easily, but a nine-character password that combines upper- and lowercase letters, numbers and special characters is ideal. A combination of three or four unrelated words is also effective, such as “papercookedred” or “tilebutterflymailbox.” Better yet, throw a few quirks in the mix, such as “P@perC00kedRed.”
4. For employees accessing sensitive data, such as a CFO, business owner or executive staff, require two-factor authentication (TFA) on their phone. This adds another layer of information required beyond just a password to validate that the correct person is accessing the data. LastPass and Google Authenticator offer free TFA apps.
5. Consider a private VPN service to completely encrypt every transaction, and keep the data anonymous. Virtual Private Networks like IPVanish and others are worth every penny – especially for those commonly working in public areas on a laptop, iPad, tablet or smartphone. Check out these top-rated options.
6. Remind them to keep phone software and apps updated, and remove anything unused. This ensures security patches are in place.
PREVENT MALWARE & HACKING
8. Educate employees on what to look for in phishing emails and texts, the risks of using public WiFi, and the dangers of clicking on links or calling phone numbers that aren’t entered independently by the user.
9. Advise employees to read the full detailed description and privacy policy of every single app downloaded on their phone, and choose carefully. They’ll be surprised at the data they might be giving up. It’s also useful to suggest they never use a Google or Facebook account to log into an app, since that gives the app developer full access to the contact information (email address!) and data on an account.
10. Encourage employees to switch off Bluetooth or configure it for specific headsets or devices. Certain viruses and malware can be installed via Bluetooth, and it can put phone security at risk as the phone automatically searches for nearby Bluetooth devices. WiFi can also be turned off when not in use.
If you have questions about how to keep your bank account secure, please don’t hesitate to ask your banker or seek help with a trusted resource. It’s important to think about security BEFORE something happens, rather than reacting in a crisis.