When it comes to data security and the threat of attacks, most mobile devices are basically sitting ducks. And as mobile device use becomes more widespread in the workplace, many businesses and IT experts will find themselves struggling to ensure the security of their organization’s data.

SherWeb, as a provider of secure cloud-based business email and collaboration tools like Hosted Exchange 2013, and military-grade SkyNox online backup, we help thousands of organizations around the world keep their data secure.

In a recent article, we offered 7 tips on how IT pros can boost their organization’s business mobile security, namely by establishing a mobile security policy. But even the most rock-solid policy can be drastically undermined by employees who fail to understand or respect it.

And that’s not the worst of it…

Even more alarming is the fact that up to 91 percent of employees reportedly use their work-related smartphones for personal use, and 81 percent use their personal smartphones to check business email.

Whether your organization ensure its data security through an online solution or in-house, there are
a number of steps employees can take to ensure their mobile device use does not jeopardize business data—whether they are using their device at a client’s office, at nearby café or at a hotel during a business trip. Here are 12 of them…

12 Steps For Protecting Business Data On Your Mobile Devices

1. Find out if your company has a mobile security policy. If not, ask it to create one. Make sure you understand it completely. If not, ask questions or suggest the policy be reworded because if you don’t understand it, chances are good that other employees won’t either.

2. Always exercise the same level of caution you would on your PC and laptop.

3. Be very wary of using apps. According to the Government Accountability Office, the number of variants of malicious software targeting mobile devices has jumped from about 14,000 to 40,000 in less than a year (that’s roughly 185%). Many apps start out as legitimate, but then become hacked by hackers who download them, add malicious code and then repost them. Often you can’t even tell if an app has been hacked because there’s usually no difference in functionality. But meanwhile, your app is secretly performing malicious activity in the background.

4. Do not jailbreak or root your mobile devices because this makes them more susceptible to mobile threats and malware. It may also prevent you from receiving security updates notifications from the manufacturer and could make keeping your software up to date more difficult.

5. If you receive a strange MMS with an attachment or link, be very cautious before opening it.

6. Keep your mobile’s operating system, antivirus software and apps (approved by the company’s mobile security policy) up to date.

7. Backup data before going on trips or vacation and store this backup somewhere safe. Even better, ask your company to consider switching to an online backup solution so that your data is automatically backed up without any effort on your part, and safely stored where it can’t be lost, misplaced or fall into the wrong hands. Barring that, you can also leave some data behind or move sensitive data from your laptop hard drive to an encrypted USB stick.

8. Use the “passcode lock” feature and a secure password. Even though this is the most basic security precaution and requires minimal effort, a reported 18 percent of smartphone users do not use this feature. Again, this is where having a good mobile device security policy can help. You should also activate the inactivity timeout feature on your mobile devices.

9. If you’ll be using your corporate smartphone for whatever reason, or your personal smartphone to access your business email or other business data while staying at hotel, first find out who the hotel’s Internet service provider is and use a virtual private network (VPN) to connect. If the hotel does not have a reputable provider, do not use the hotel internet. Find secure WiFi somewhere else if need be, ideally a 3G or 4G hotspot. Even if the hotel does have a reputable provider, you should never update software to connect to the hotel Internet.

10. Always stay clear of WEP (wired equivalent privacy) encrypted connections because they can be cracked by just about anyone in less than five minutes. Instead, use Wi-Fi Protected Access connections (WPA).

11. Avoid online banking and shopping while on any hotel or public Internet connection.

12. Disable pop-ups in your web browser.

*Update 17 Sep 2014: SkyNox now goes by a new name. Details

Written by JP Mercier Employee @ SherWeb

JP is SherWeb’s community manager. He has been working for IT companies since 2010, in both the software and cloud computing industry. JP has a degree in communication and specializes in online marketing. As a good Canadian, he is (overly) polite and loves hockey.