But the job of securing mobile devices has become much more complicated. It used to be that “mobile device security” means securing the laptops the sales force used. Now, in addition to laptops, you have to worry about smartphones, netbooks and tablets.
Security for these new devices isn't nearly as well developed as it is for laptops. And laptop security is no great shakes.
Increasingly your sales force depends on mobile devices to support them in the field, help manage customer relations and communicate with the office. Unfortunately none of these devices is really secure at any level. However what the user does, or more importantly doesn't do, can make a major difference in security.
Mobile Salesforce security breaks into two parts: The hardware and its settings, and the behavior of the users. Typically with security, the hardware is easier to deal with than security.
Some parts of mobile security are the same as desktop security, although the way it is applied can be different.
For example, attaching unknown USB sticks to your computer, any computer, is like petting a strange dog. There is a measurable chance you're going to get bit. While the major vector for getting bad stuff onto your computer is still the communications link, like the internet or Wifi, USB devices are a common pathway for malware. It is, for example, how the Stuxnet virus got into Iran's nuclear facilities.
Make sure your sales people understand the dangers of unknown USB thumb drives and that they never run an unknown or untrusted device on their computers, desktop, laptop, or anything with a USB port.
Mobile devices have to be protected against theft. Laptop computers, netbooks and tablets are hot items for thieves. Leaving one unguarded for even a second in a public place is asking to have it stolen.
From the hardware side, the most important protection for a mobile device is encryption. As much as possible every mobile device should store its data in encrypted form. (“As much as possible” because not all mobile devices, such as some smartphones, will allow their contents to be encrypted.) That way even if the device is stolen, the damage is limited to the loss of the hardware since the information on the system will be unreadable.
A nifty little variation on this is remote erasure. With this feature you can wipe the memory (disk or solid state) when the computer is stolen.
A handy bit of hardware to help protect your laptop, netbook and tablet is a cable lock. This works like a cable bicycle lock and fits through a special slot on the device's case. You can run the hardened steel cable around a table leg or other fixed item and make it a lot harder for someone to steal it. This cable lock slot is standard on laptops, and available on some netbooks and tablets.
Password protection is important, although again, it is less well-developed on smartphones. At the very least you should password protect every device you can. Usually you need both a username and a password. It's better if the username isn't the actual user's name, as it gives the bad guy one more thing to guess at. The password should be strong and changed often, say every six weeks or so.
There's something of an art to choosing an effective password. Most security experts recommend a password at least 8 characters long, including both numbers and letters with capital and lower-case letters. Beyond that, the trick is not to be obvious while still being easy to remember. Names, apartment numbers, telephone numbers and such are too easy to guess by automated password cracking programs. Chose something obscure and not connected with the user.
Whatever kind of mobile devices your sales force uses, the problem of protecting communications in transit is a major security concern. The most popular wireless communication protocol, Wifi, is insecure as it ships. In extreme cases anyone with a Wifi device nearby can listen in on your transmissions. This is especially true in public places, so caution your sales force about using the network in coffee shops or restaurants.
Wifi security can be considerably increased by encrypting transmissions and choosing the appropriate communications protocol. A lot of devices still come with WEP (Wired Equivalent Privacy) set as a default. This is the oldest and least secure of the common protocols and should never be used. The current standard is Wifi Protected Access version 2, known universally as WPA 2. It's not perfect, but it's pretty good against casual eavesdroppers.
A better choice is to establish a Virtual Private Network (VPN) over an internet connection. This isn't as convenient as Wifi but it can be much more secure.
As much as possible everything send wirelessly should be encrypted. This isn't perfect protection since the framing data sent by the system on Wifi isn't encrypted, but it provides a higher level of security.
Here again, the problem is that the rest of the mobile world is still catching up to laptop computers. Many of the security features which are standard on laptops haven't yet been introduced on other devices, especially smart phones. When shopping for mobile devices you should make security part of the selection criteria. If you're operating in a BYOD environment it helps to have a list of devices with acceptable security features your sales people can choose from.
All this is scarier than it sounds. Most good security is a matter of initial settings and following a few simple rules. It doesn't have to be hard to do and it usually quickly fades into the background.