October 10, 2019

10 mobile security best practices to keep your business safe

Shane Schick

As smartphone and tablet use continues to expand in the business landscape, organizations have become more aware than ever of the threat of mobile security attacks. While different, what these companies all share is a sense of helplessness — that it’s only a matter of time before someone finds a way to infect their smartphones and tablets with malware or fall victim to phishing.

In some cases, that feeling of helplessness is real, particularly if you’re working for a smaller business that doesn’t have a formal security role or a dedicated team to assess and mitigate potential risks.

However, fending off potential security issues is especially important for these small and midsize firms. Given that their employees tend to juggle multiple responsibilities, they rely on mobile devices to go wherever they’re needed while staying connected to corporate data and applications.

Here are 10 ways your organization can remain proactive in its approach to mobile security and management.


1. Make upgrading a priority

According to the most recent NPD Connected Intelligence Mobile Connectivity Report, the average upgrade cycle for smartphones in the U.S. is 32 months — nearly three years. That reflects how often consumers make the move to a new device, and it’s up from 25 months the year before.

That kind of cadence might be fine for people who are only using their devices for personal apps and content, but businesses need to approach upgrade decisions differently. Security researchers learn a lot about the changing tactics of malware authors, distributed denial of service (DDoS) attackers and ransomware campaigns in a three-year period. So do device manufacturers, who are building in protections that specifically address common attack vectors as networks evolve to 5G.

In BYOD environments, it’s critical to set minimum requirements for the devices that are allowed to access corporate systems and apps. Beyond three years from initial release, many devices stop receiving regular OS updates and security patches, making them more vulnerable to new exploits.

If you’re dealing with constrained IT resources, you have to determine the tradeoff between trying to figure out a mobile security strategy on your own and simply making use of what is already market-ready and available to businesses.


2. Make MDM a mainstay

Companies have always made sure they could keep track of the equipment they’ve purchased, but there’s a difference between monitoring what happens on an oil rig that never moves and a fleet of smartphones that have been deployed to on-the-go employees.

While mobile device management (MDM) has been adopted by most enterprises, smaller firms have plenty of reasons to explore it as well. MDM tools can be helpful to companies that offer a bring your own device (BYOD) program but want to make sure employee devices don’t open them up to security threats.

While choosing an MDM solution will take some research, midsize firms can get a head start by making sure the devices they deploy or recommend to employees incorporate security capabilities from the chip up.


3. Allowlisting and blocklisting

Many security threats penetrate companies due to user errors which are often just honest mistakes. Employees might not realize by downloading an app, for instance, that they are effectively leaving the door open to have corporate data stolen from their smartphone.

Allowlisting and blocklisting apps via MDM helps protect employees — and their employers — from these kinds of risks by making it clear which apps and sites are safe.

Blocklists give IT departments peace of mind by blocking access to certain apps and sending notifications when an attempt is made. Allowlists, on the other hand, may be more effective for highlighting the mobile tools employees should be prioritizing over games and social media.


4. Two-factor authentication and biometrics

Weak and easily forgotten passwords can make it simple for rogue third parties to gain access to mobile devices. Two-factor authentication is a straightforward way for small and midsized businesses to begin developing a layered mobile security strategy.

While tokens have sometimes been used as part of two-factor authentication, fingerprints and other biometric identifiers are quickly gaining ground. In fact, 70 percent of businesses will use biometrics for workforce access by 2022, according to market research firm Gartner. Biometrics can be used in tandem with the data separation technologies discussed below.


5. Get comfortable with customization

When new hires are brought on board, they usually aren’t given keys to every filing cabinet, the company’s banking credentials or other proprietary data that require a certain level of seniority or privilege. In the same way, it doesn’t make sense to grant every employee unfettered access to all manner of corporate apps and data.

IT managers can get around this with tools that let them customize mobile devices before they are handed out to their workforce. A good example is Samsung’s Knox Configure, which enables businesses to create a myriad of simple-use scenarios, from customizing boot-up screens to creating dedicated-use devices with only work-related apps.


6. Separate work and play

Even if they don’t have a dedicated desk with their own drawers, companies often offer employees a safe place of some kind where they can place personal items and secure them until they’re needed at the end of the day. Strong mobile security involves taking a very similar approach to the way data and apps are partitioned on the device.

Containerization, for example, allows smartphones to create separate workspaces of business apps and content that can be centrally protected and managed. Administrators don’t need access to an employee’s personal apps or data and can therefore provide the optimum mix of flexibility and security. This lets IT departments lock down sensitive company information, while letting employees maintain confidence in their personal privacy.


7. Ease the updating process

Just as new security threats are constantly cropping up, companies are simultaneously developing fixes that can be applied to mobile devices. Unfortunately, that often puts the burden on a company’s IT resources (which can be scarce or spread thin in midsized firms) to apply all the right patches on a regular basis. According to IDG’s 2019 Security Priorities Study, patch management is still one of the most widely used methods for large enterprises to combat security threats, and smaller firms should do the same.

Technologies such as electronic firmware over-the-air (E-FOTA) mean employees don’t have to wait while patches or other updates are being pushed to their devices. Instead, updates can be scheduled across the entire team, ensuring all updates are tested and compatible, and all devices are uniform.


8. Keep policies current

If employees fall victim to a phishing scheme and get locked out of their devices, or data loss occurs because settings were somehow tampered with, a company will probably be quick to outline an updated mobile security policy for everyone to follow.

Rather than wait until disaster strikes, however, the most successful organizations stay on top of security issues and get in front of them from a policy perspective. At least every six months, review your mobile security posture, from your ability to monitor device usage, points of vulnerability and the age of your smartphone fleet.

Then, look forward to new devices that might be integrated into your workforce as part of new hire onboarding or upgrades across a department. Make sure updated policies are well documented. Of course, make sure employees are held accountable for reviewing and adhering to the policy as well.


9. User training and security awareness

The IDG study showed that almost a third of those surveyed, or 31 percent, cited employee training as one of the top areas where they fall short. “This speaks to the perpetual problem of employees as a security risk,” the authors wrote.

Training and security awareness is never a once-and-done activity, but something that should be treated as an ongoing work in progress. The companies that do this successfully make sure the content is easy to understand and available through different channels depending on their preference. Examples could include tips in an employee newsletter, an instructional video on a company intranet or even push notifications sent to all employee smartphones.


10. Seek a scaleable path

A small company might not be small forever. Growth can come quickly via a strategic initiative to expand into a new market or territory, an M&A or some other tipping point. What won’t change is the need for your workforce to be equipped with the best tools available to do their jobs from wherever they are.

Of course, configuring and provisioning devices one by one is a nonstarter for IT departments, so think about how you can find an MDM tool or related application that will streamline this process as the organization evolves.

Fortunately, none of the Android mobile security tips outlined here have to be developed from scratch. Solutions such a Knox Manage and Knox Configure were deliberately designed to help organizations from small firms to large enterprises with the ability to secure, manage and provision smartphones successfully.

Learn how your business can be more proactive in securing its mobile device fleet with incident response reports by downloading a free white paper.

[Icon] close

Get the right solution for your business

Join 25,000+ organizations around the world.

[Icon] suitcase
Are you a reseller or solution partner?

Get access to the Knox Partner Program for helpful partner tools, such as the Knox Deployment Program portal, Knox MSP portal, partner SDKs, and more.

[Icon] info
Unified Endpoint Management
Knox Suite
Rebranding and customization
Knox Configure
Fraud and theft protection
Knox Guard
Device protection plan
Samsung Care + for Business
Other products & services

Get started with

[Image] Knox Suite

All-in-one solution bundle for enterprise mobility.

[Icon] Check mark

Join us and get a 90-day free trial for Knox Suite and other Knox products. *Approval required

[Icon] Check mark

A complete set of tools to secure, deploy, manage, and analyze your enterprise's corporate mobile devices.

[Icon] Check mark

Try powerful features bundled with Knox Suite, such as Knox Remote Support.

Knox Suite include:

[Icon] Knox Platform for Enterprise Knox Platform for Enterprise
[Icon] Knox E-FOTA Knox E-FOTA
[Icon] Knox Mobile Enrollment Knox Mobile Enrollment
[Icon] Knox Asset Intelligence Knox Asset Intelligence
[Icon] knox manage Knox Manage
[Icon] knox capture Knox Capture

Get started with

[Image] Knox Configure Logo

Remotely configure Samsung devices in bulk and tailor them to specific needs, right out of the box.

[Icon] Check mark

After approval, you can try both the:

  • Setup edition — designed for a one-time deployment
  • Dynamic edition — deploy and update policies as many times without a factory reset.
[Icon] Check mark

Try either the Setup edition or Dynamic edition of Knox Configure on up to 30 devices.

[Icon] Check mark

Get a free Knox Suite trial upon approval to try our UEM.

Get started with

[Icon] Knox Guard Logo

Remotely control Samsung devices to reduce financial risks and protect assets.

[Icon] Check mark

After you get approved, generate your free trial license for 90 days.


Try all the features of Knox Guard on up to 30 devices, including SIM control and device locking.

[Icon] Check mark

Get a free Knox Suite trial upon approval to try our UEM.

Get started with

[Image] Samsung Care Plus For Business Logo

Protect your business devices against accidental damage and mechanical breakdowns.

[Icon] Check mark

Are you already a Samsung Care+ for Business customer? Create an account and access the Samsung Care+ for Business console.

[Icon] Check mark

Contact the Samsung sales team and get peace of mind for your devices.

Other products & services

[Image] Others logo
[Icon] Check mark

Samsung offers additional solutions to serve the unique needs of your business. Talk to a Samsung expert today.

Back to top