Losing your mobile device – whether it’s an iPhone, an iPad, or an Android device – is scary for a number of reasons. Your mobile data could be exposed, or hackers who are looking for their chance to get in could launch a cyberattack against your business. Both of these issues, as well as any kind of accidental damage, are great reasons to have device protection.
Device protection is becoming more and more necessary in our everyday lives, especially as we continue to rely on an increasingly high number of mobile devices to complete daily tasks, run businesses, or entertain ourselves.
Small businesses can especially benefit from mobile device protection, as your business relies on data to operate. A device protection plan can save your business from data theft and give you peace of mind.
Keep reading to learn more about device protection and why it should be a crucial part of your business’ cybersecurity plan.
What is device protection?
Whether one of your employees opens a phishing email or you lose your mobile device, device protection ensures any unauthorized users won’t be able to access key company data by providing coverage against potential cyberattacks.
Device protection and data protection go hand in hand. If your mobile device is compromised, it’s safe to say that your data is as well. Therefore, it’s just as important to protect your devices as it is to protect your data, whether it’s stored in the cloud or on an external hard drive, to make sure you have coverage against any attempted theft.
Device protection relies on three elements working together: technology, human training, and controls. These elements form the security triangle.
What is the security triangle?
The security triangle describes the three components that ensure the protection of your data on your devices. Let’s break down what each component consists of.
Technology is a necessary component in device protection, but people often overemphasize its importance. The truth is that technology only goes so far. Firewalls, application whitelisting, antivirus, and antimalware all provide an adequate amount of protection for your devices, but you can’t rely on these software programs alone for optimal protection.
Antivirus addresses a problem that is already solved. It is no longer as necessary as it used to be, as no one makes money from viruses anymore. The new thing is malware, specifically ransomware, in which an attacker holds your data for ransom.
You greatly improve your device protection when you integrate human training and strong controls into your system.
Cybersecurity training has become mandatory for an increasing number of companies for a reason. Hackers and malware most often rely on human error in order to succeed.
To strengthen your device protection, make sure your employees are properly trained. At least once a year, have your employees complete cybersecurity training to ensure that they know how to spot malicious emails and pop-ups.
You can do this through a number of activities and tests across various platforms. For example, make them aware of what a keylogger – a piece of software that records the keystrokes on a computer – looks like in Word and how to detect it (hint: through pop-ups). In your cloud solution, show them what malware could potentially look like, such as a “Download attachment by X before it expires” message.
It’s not only important to ensure that your employees get the proper training, but you also want to foster an environment in which they don’t feel stupid. Mistakes happen, and chances are one of your employees may one day open an email that contains malware.
In this situation, an employee who doesn't feel comfortable bringing this mistake to their boss might feel too embarrassed to say anything and decide to just move on. Meanwhile, the malware is collecting your data and personal information while you continue to operate your business. You won’t know that this has happened until you’re attacked and your information is held for ransom.
Finally, the key component that holds the security triangle together is your controls.
Your data is your business, so you need to have a grasp of how much of your business each of your employees has access to. In a data breach, access controls are one of the first elements that are checked.
Ask yourself the following questions:
- Who has access to what?
- Do you have a strong authentication and authorization process?
- How do you control who has access to the right information?
- Does anyone other than you have access to everything?
- Are there any files that can be publicly accessed?
Generally, the owner has super access to all accounts within their organization. It’s normal for higher roles, such as CFOs, to have similar access, but access should be restricted for most employees beyond this point. It’s important to note that CEOs and CFOs are prime targets for phishing emails.
The best practice for access control is to only give each employee access to what they need to do their job. Anything more puts your business at an unnecessary risk. For example, salespeople typically don’t need access to shipping information, and it goes without saying that aside from your accountant, the majority of your employees do not need access to your business’ financial information.
You may feel like you can trust your longtime employees enough to share all aspects of your business with them, but this isn’t about trust. The reason for restrictive access controls is that hackers only need one point of entry to access your entire system, meaning it only takes one of your employees accidentally opening a phishing email.
If a basement window of a house is open, a burglar can easily break in. But if the basement door is locked, they’ll have trouble accessing the rest of the house. The same goes for your company’s access controls: if one of your warehouse crew members opens an email with malware, that hacker has access to inventory information, but they’ll have trouble accessing your company’s accounts if your warehouse crew doesn’t have access to them. The less data that’s compromised, the easier the problem is to deal with.
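The access questions listed above can be answered mechanically once you write down who can reach what. The following is an added example, not part of the original article; the roles, accounts and resource names are constructed for illustration.

```python
# Constructed sample data; all role, account and resource names are hypothetical.
# What each role needs to do its job:
ROLE_NEEDS = {
    "owner": {"sales", "shipping", "inventory", "finance"},
    "accountant": {"finance"},
    "sales": {"sales"},
    "warehouse": {"inventory"},
}
# What each account can actually reach today:
GRANTS = {
    "alice": {"role": "owner", "access": {"sales", "shipping", "inventory", "finance"}},
    "bob": {"role": "accountant", "access": {"finance"}},
    "carol": {"role": "sales", "access": {"sales", "shipping", "finance"}},
    "dave": {"role": "warehouse", "access": {"inventory"}},
    "erin": {"role": "sales", "access": {"sales", "shipping", "inventory", "finance"}},
}
# Resources reachable without signing in:
PUBLIC = {"shipping"}


def who_has_access(grants):
    """Who has access to what: resource -> sorted list of accounts."""
    index = {}
    for user, entry in grants.items():
        for resource in entry["access"]:
            index.setdefault(resource, []).append(user)
    return {res: sorted(users) for res, users in index.items()}


def excess_access(grants, role_needs):
    """Accounts holding more than their role needs, with the extra resources."""
    report = {}
    for user, entry in grants.items():
        extra = entry["access"] - role_needs[entry["role"]]
        if extra:
            report[user] = sorted(extra)
    return report


def non_owner_full_access(grants, role_needs):
    """Accounts other than the owner that can reach every resource."""
    everything = set().union(*role_needs.values())
    return sorted(user for user, entry in grants.items()
                  if entry["role"] != "owner" and entry["access"] >= everything)


def exposed_if_compromised(grants, user, public=frozenset()):
    """What an intruder reaches through one account, plus anything public."""
    return sorted(grants[user]["access"] | set(public))
```

Comparing `exposed_if_compromised(GRANTS, "dave", PUBLIC)` with the same call for `"erin"` shows the basement-door point: the warehouse account exposes inventory and the public shipping data, while the over-privileged sales account exposes everything.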
Device protection comes in different forms, and it’s your responsibility to find the solution that works for you. One common form of device protection is web and cloud access protection.
What is web and cloud access protection?
The internet is the main medium for transferring malicious content. If this type of content is downloaded, it may put your data at risk through corruption. Essentially, web and cloud access protection prevents this from happening.
Web and cloud access protection protects your computer from unsafe URLs by redirecting network traffic to the Symantec Web Security Service (WSS). It works by monitoring communication between web browsers and remote servers.
You would probably recognize the WSS in action - it’s the reason that you sometimes get a “website is blocked” message if you try accessing a site. The WSS either allows or blocks the traffic based on policies set out by the WSS administrator before it downloads to your device.
To ensure the safety of your data, make sure that web and cloud access protection is enabled across all of your devices, including any Apple or Android devices.
Web and cloud access protection isn’t always enough to prevent any malicious attacks on your devices. When it comes to device protection, you have other options.
What is a device protection plan?
You most likely have thought about how you’ll protect your data. If you’re proactive, you may even have a solid backup plan in place for your organization. However, phone protection goes beyond keeping copies of your important documents in cloud storage. You want to prevent having to restore those copies in the first place.
A device protection plan means that your mobile devices are equipped with software that monitors, manages, and protects them from malicious activity. Device protection should always be running in real time and automatically to ensure that nothing sneaks its way into your company’s information.
One way of protecting your device is through layered security.
What is layered security?
Layered security is a security system that uses multiple components to protect your business’s information. The security triangle is a form of layered security.
Layered security can also involve:
- Securing your data traffic
- Protecting your network against lateral attacks
- Employing software management
- Protecting individual mobile devices
Why do you need a device protection plan?
Advanced cybercriminals can target your business in many different ways, including through:
- The internet
- Your network
- Your applications
- Your employees
- Your devices
Trying to exploit your mobile device is one of the most common ways for hackers to access sensitive information.
As mentioned, having the right software on your devices ensures they are protected from malicious activity in real time. Training can help your employees recognize malware, but there’s still a chance that they may fall for the odd phishing email. Data protection prevents malware from even making it through. That being said, as a reminder, control also plays an important part in the security triangle.
Here’s another scenario: You may be prepared for a potential attack to come through your devices, but what happens if one of your employees loses their device through a car theft, or leaves it unattended at the coffee shop? Depending on that employee’s role, key details of your business could suddenly be exposed.
In this circumstance, a key part of your device protection plan is ensuring that you have strong authentication and authorization procedures in place. Authentication verifies that the user really is who they say they are. This requires your employee’s device to have a very strong password, or better yet, fingerprint or facial recognition.
On the other hand, authorization ensures that the user has access only to what they need. This means that even if the thief is able to break into the device, which you should always assume they can, you know exactly what they have access to, and it doesn’t expose your entire business. These two processes together make it difficult for anyone who steals your employee’s device to successfully access their information.
Is it worth it to get a device protection plan?
The more we rely on a computer, mobile phone, or tablet, the more we need a device protection plan. This is because, despite access controls, we have our information on multiple devices, increasing our cyber risk.
All of your devices need device protection; even your Google Home stores your data. As a small business, it’s especially important that you have a solid device protection plan, as you often store other people’s data in addition to your own, making your business a prime target for attempted data theft. A device protection plan is a small investment considering the risk it protects you from.
Frequently Asked Questions
Q: What does device protection consist of?
A: Device protection should consist of many layers, including:
- Internet layer
- Network layer
- People layer
- Application layer
- Device layer
Q: What does a device protection plan do?
A: A device protection plan protects your business from malware at all angles. Whether your employee clicks on a pop-up or they get their laptop stolen, device protection ensures that your data remains safe.
Q: What is the security triangle?
A: The security triangle includes three components that ensure the protection of your data on your devices: technology, human training, and controls.
Technology involves having the right software, human training involves making sure your employees are up to date on their cybersecurity training, and access controls mean everyone only has access to what they need.