The importance of data privacy on company phones
You may already have a fleet of company devices in circulation. Now, even if you don’t yet issue devices to employees, imagine that all of your employees’ phones have a means of accessing your company’s most sensitive and confidential data. One breach could cause significant financial and legal damage, and losing one of those devices might result in a huge loss of data.
So, ensuring you have adequate security measures in place is key for long-term stability. Backing up company data forms a large part of this, as it reduces the chance of data loss.
Mobile device strategies: COPE vs. COBO
As Head of IT, you have to choose the right device and software combination to achieve optimal security, but also to keep your employees happy. You must decide the limitations that you will impose on these devices: either issuing devices that can only be used for company purposes (Corporate Owned, Business Only (COBO)) or devices that can also be used for personal, day-to-day needs (Corporate Owned, Personally Enabled (COPE)).
The latter can take the form of Bring-Your-Own-Devices, which allows employees to choose the device they use and connect it to company systems.
The former, COBO, offers more security and control. In most cases, the user interface is simplified, with only a few apps available and restricted or blocked downloads; but, in the hands of an individual employee, COBO is still vulnerable, and data security is still paramount.
In some COPE instances, a company may allow employees to connect their own devices to business systems without any monitoring or control at all. This is called ‘Dark BYOD’ and poses the highest risk of all. But, even in this instance, backing up company data from the device can provide some security.
As we will explore, there are solutions to protecting, monitoring, and backing up company data via connective software and servers, which can give your company more confidence in securing data against malware attacks and user negligence.
Dangers of ‘dark BYOD’
Devices that exist without any company oversight that are used for work purposes are known as Dark BYOD. In the new working climate, where more and more people are working from home, Dark BYOD is a tempting option for IT managers on a tight budget. Like any other kind of company device, it does offer some boosts to employee productivity and encourages them to stay connected with colleagues and company software from home.
However, Dark BYOD devices exist without regulation. They are not protected by company-approved security systems, and the data that is accessed through them is not synchronised across the company network and remains vulnerable to unsafe downloads, phishing scams, and unauthorised access if the device is lost.
Dark BYOD devices may be infected with spyware that is tracking company data without the user’s knowledge. For this reason, we advise against authorising Dark BYOD. Instead, our preferred solution is COPE, whereby devices are issued by the company, or chosen by the employee, and are fully integrated into a Mobile Device Management (MDM) system.
Safeguard your data with backups
A key way of managing company data, regardless of the type of device you choose for your employees, is by creating regular backups. This ensures that no data can be lost by accident, and there is a copy of data even if the device becomes compromised. To create backups of this kind, you have a few different options:
- Shared or individual cloud drives, such as iCloud on Apple devices
- Smartphone managers
- Mobile Device Management (MDM) software
While cloud drives may be a simple, familiar solution, they aren’t the best option for businesses. Instead, take a look at smartphone managers and MDM.
Backup company data with a smartphone manager
Any device containing company data can be backed up using a smartphone manager.
A smartphone manager is a localised server that enables a full, secure backup of one or more smartphones onto a laptop or desktop computer. For small businesses, this is an effective way of managing data and improving data security, as nothing is uploaded to the cloud, and everything is kept on-premises. No data passes outside the local network, so there are fewer opportunities for data breaches to occur.
Additional benefits include:
- Access data from multiple devices in one place
- Use some smartphone functions, including SMS, from the desktop
- Free options available
This is a popular solution for saving data securely when upgrading employee smartphones or tablets. Find out more about smartphone managers with our comprehensive guide.
Smartphone managers generally work well for small businesses that operate from one location. But, as soon as you begin to factor in remote and delocalised employees who are also in need of data security on their devices, its suitability dramatically declines.
Synchronise company data with MDM
While a smartphone manager is a great solution to simply backing up data locally, backups alone will not maximise your data security. With MDM software, you can back up data from devices across the globe and protect each of these devices with cutting-edge security software. This results in a central hub populated by synchronised company data that reflects the contents of all devices in the network.
In terms of security, MDM software allows you to:
- Update all device software from the central business hub
- Synchronise company data, dashboards, and systems across all devices
- Create app whitelists for authorised downloads
- Benefit from government-grade security software
- Enforce lock screens, biometrics, and/or two-factor authentication
- Monitor security metrics for all devices in the network
- Remotely wipe all company data from devices if registered as lost, or if the employee leaves
- Include tablets, laptops, and other device types in the system too
Take a look at our MDM guides to find out more about Samsung Knox security for Android devices and Apple MDM security for iOS devices.
How does MDM work with GDPR?
The data privacy of the company is not the only consideration when implementing MDM software, you must also take into account the privacy of your individual employees. One of the key ways that MDM software can assist in fulfilling GDPR regulations is by setting up ‘containers’ within the device that keep all work and personal data completely separate.
This means the company data is secure from any apps used on the personal side of the device, but also that the personal data (including photos, passwords, and contacts) of the individual cannot be accessed by the apps on the business side of the device.
At Everphone, we will only ever recommend software solutions, network providers, and device hardware that we know complies with up-to-date GDPR.
Boost data security awareness
One of the easiest ways to combat data risks within your company is to boost data protection awareness amongst your employees. It should be made clear from the outset, within your User Agreement, what employees can and can’t do on company devices. This way, you can catch dangerous file and app downloads before they happen.
In addition, it’s important to signpost the following tips:
- Choose strong passwords and manage them using a secure password manager
- Activate Two-Factor Authentication wherever possible
- Avoid all unauthorised apps
- Install all software updates as soon as they are available – this can be done remotely by the company’s IT Head with MDM software
- Keep all business log-ins, apps, and correspondence within the encrypted ‘Work’ or ‘Business’ container on the device, therefore separate from personal use
To find out more about how you can safeguard company data on employees’ devices, download our white paper.