It is one thing to protect on-premises business assets like workstations, servers and IoT infrastructure. When it comes to mobile company-owned devices, the potential risks duplicate and get more challenging to fortify against. Here are the most common business risks of mobile devices and how to implement policies that keep them at bay.

Misconfigured Devices

The most important step any small-business entrepreneur can take is to create a comprehensive set of steps for configuring company-owned mobile devices. These three priorities will get you started:

Limit admin privileges: Workers should not operate the mobile device full-time from a fully privileged administrator account if it is avoidable. If the device falls into the wrong hands, this raises the risks of bad actors compromising the device’s wireless features or data storage.

Use strong passwords: This is the most basic cybersecurity bulwark, but employees still see fit to cut corners. Insist on strong password hygiene throughout your small business, including solid and unique passwords and setting reminders to change them frequently.

Encrypt all external storage: Many modern devices have built-in encryption tools for the operating system and backups, but it is easy to misconfigure external storage devices like USB drives and micro-SD cards. Either disallow the use of external storage media with mobile devices or train employees on methods for encrypting USB drives, SD or micro-SD cards.

The U.S. National Institute of Standards and Technology and the Australian Cyber Security Centre have both published detailed guidelines for small businesses describing basic and advanced device configuration and cybersecurity measures. It is wise to learn what you can about emerging trends in the industry.

Phishing and Smishing Attacks

Phishing and smishing are two of the most common risks for company-owned devices, including mobile ones. This is just one kind of social-engineering attack, but it is attempted up to 700 times per year against the average organization.

The statistics concerning phishing attacks against company-owned devices, specifically, are staggering. According to one estimate, phishing attacks targeting laptops, smartphones and other mobile devices are growing by 85% annually. Here are the essential steps to take:

Educate: Use resources published by reputable sources — like the Australian government’s Scamwatch website — to train staff to recognize the signs of phishing.

Verify: If you or one of your employees is contacted and asked to perform an uncharacteristic or dangerous action, make no further contact until you verify the identity of the email or text sender. Employees should have easy access to an official organization directory to verify all communications from colleagues, managers or service partners.

Delete and block: Make it clear that workers should never click on a suspicious-looking link from a suspect sender. After verifying the phishing attempt, they should automatically delete the text or email and block the offending address or phone number.

Physical Damage

In 2020, research found around 140 million American citizens have incurred physical damage to their smartphones at some point. About 87 million individuals have experienced such an incident in the last year. In 2022, the global smartphone repair market was valued at an estimated $4 billion USD.

Mobile devices frequently incorporate durable materials and designs that shrug off drops and spills. But even the most careful employee with the most modern device can run afoul of unforgiving asphalt. There are a few considerations worth exploring if your company relies on field agents with mobile devices:

Understand how device testing works: Familiarize yourself with the methods used to shock-test electronic devices and which certifications the product has earned, such as IPX ratings for water resistance. This ensures you choose a product that meets your needs if it happens to get dropped out in the field.

Match the device to the environment: If you frequently work in harsh conditions, be sure your mobile devices have been prepared appropriately or protected with external cases or folios.

Consider rugged devices: Manufacturing and other environments frequently require the rapid intelligence and connectivity of smartphones, tablets and other electronics. If your mobile devices are at a higher risk than usual of being dropped, crushed or having abrasive or corrosive materials spilled on them, explore more durable options, like ruggedized tablets.

Buy device insurance: This will not prevent damage, but it can give your growing business peace of mind that you will not lose the entire sticker price of the device if it gets damaged. Device protection plans often start at a few dollars per month per device.

Compromised Wireless Networks

Unfortunately, this is not the sort of world where you can connect to public Wi-Fi networks with absolute confidence. There are various possibilities regarding breaches and attempted fraud on public internet. Norton identifies these business risks of mobile devices when connected to public networks:

Unencrypted network architecture

Malware distributed on public networks

Malicious hotspots

Man-in-the-middle attacks

Wi-Fi snooping

There are steps you can take to protect yourself:

Instruct staff not to access sensitive information using public Wi-Fi networks.

Use a paid VPN (virtual private network) to encrypt all traffic. Be sure it has a kill switch to avoid potential leaks.

Do not trust websites without proper security certification — the URL should always begin with “HTTPS”.

Always have two-factor authentication turned on for accounts that support it.

Ensure every company-owned mobile device is fully updated to the latest software and firmware to address any recently uncovered cybersecurity exploits.

Wandering Eyes

Employees who travel afield while possessing company-owned mobile devices require a comprehensive set of guidelines. They should know the steps to take to protect their devices and any proprietary data from public peeping Toms:

For frequent travelers, consider applying privacy film to laptop, smartphone and tablet screens to avoid wandering eyes picking up passwords or trade secrets.

Require employees to lock their device’s screen each time they are done using it. If they happen to set it down someplace, potential bad actors will not find an unlocked device awaiting their misuse.

Keep all mobile devices on your person or in a secured location.

Portability

Remember that “portable” is synonymous with “losable” and “easily stolen,” which means the chief benefit of mobile devices could also be their most exasperating drawback. Take these potential portability-related risks to heart:

Do not leave company-owned electronic devices unattended in a public place.

Turn on location-assistance features. Android and iOS have device-location apps built in — Find My Phone and Find My iPhone — but they will not help you find lost or stolen devices if they are not activated.

Familiarize workers with SIM-swap attacks and other risks that apply to personal or company-owned smartphones.

Understanding the Business Risks of Mobile Devices

The business risks of mobile devices are clear and have already taken a toll on unprepared and unsuspecting small businesses. Yours does not have to be one of these.

As your organization grows, consider retaining quality cybersecurity talent or building a relationship with a third-party company that can keep you safe. There is no need to take on these challenges all by yourself, so complement your entrepreneurial knowledge with cyber risk knowledge whenever necessary to protect your business and its momentum.