Many businesses see mobile security primarily as an issue to be solved through technology. But while technology certainly plays a large part, security awareness across an organization is vital. Developing and sustaining a culture of security throughout the entire organization is key. To ensure a strong culture of mobile security in your business, follow these five steps.

1. Train Employees Effectively

All employees in your organization, from top executives to those on the lower rungs, need to be aware of their part in maintaining effective security. Security awareness training is essential. All new hires should receive training sessions upon joining the firm, but it shouldn’t be a one-off activity. Rather, training needs to be continually reinforced so that security stays top of mind for employees and the latest threats are covered. Think of creative ways to deliver training so it grabs everyone’s attention and the information is more likely to be retained.

2. Recognize the Importance of Policies

Policies define what standards of behavior are required and the role that everyone has in ensuring security. There needs to be a range of policies in place, covering topics such as acceptable use, incident reporting and how to deal with social engineering attempts. It’s extremely important to include these policies in your security awareness and training program so that employees are aware of what they must do. If these policies aren’t communicated to employees right off the bat, they’ll be extremely hard to enforce.

3. Ensure Executive Sponsorship

The best way to ensure that a culture of security is driven throughout your organization and that sufficient budgets are available for security programs is to get buy-in from those at the top. One person should be given overall executive responsibility for driving the program and keeping it on track, and they should report directly to the board. This will give your organization the best chance of ensuring that security objectives are balanced with the other risks your business faces. It will also demonstrate to everyone in the organization the importance that needs to be attached to security.

4. Enforce Basic Controls

All employees should be educated on the importance of security hygiene. A clean desk policy needs to be enforced, and all workstations and devices locked down and signed out of when not in use. Basic practices such as strong passwords along with stronger authentication methods and timely updates to security controls need to be enforced. Research what users need and set baseline behaviors for basic security controls that should be in place and adhered to at all times.

5. Provide Secure Devices

Finally, since users are sometimes the weakest link, the best practice is to help defend them against themselves. Inadvertent errors and loss of devices are common causes of security incidents that can easily lead to sensitive data being lost. When devices are corporate-issued, the organization can ensure that they have high levels of security built in. Samsung Knox is a highly rated mobile security platform that helps keep data safe and users secure. Even in a BYOD environment, an organization can provide a list of acceptable devices or can use controls to check the security posture of devices before they’re allowed to connect to the network. Organizations should raise awareness of the dangers associated with mobile apps and file-sharing services, and ensure that corporate alternatives are provided that meet employees’ needs.

It’s often said that security requires a combination of people, processes and technology. While that’s always been true, attacks are increasingly targeted at individuals. Therefore, it’s vital that security awareness is high among everyone in an organization so that everyone knows what part they have to play in maintaining effective security for their business.


By Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL
