Advances in smartphone technology and the Internet of Things (IoT) have been responsible for substantial changes to the workplace over the last decade. Devices can do more on the move, and that frees up accountants who were previously shackled to the office-based desktop to work more flexibly.
While this new on-the-move era offers many advantages, how can you make sure your data is secure and to the high standard that your clients expect? Under GDPR, the emphasis is on the data holder to put security measures in place, which means you could be potentially liable for any breaches. While the vast majority of us are primed and ready for scams and security threats on a laptop or desktop, our cyber-savviness drops when handed a tablet or mobile.
Perhaps we feel more secure on these devices because many of us associate them with texts, calls and ‘downtime’ rather than emails and bank balances. The reality is that we are accessing more and more financial and personal data on our phones and tablets every day, and we are no safer on them than we are on our desktops. So, what should you be doing to make sure you’re covered?
Thankfully, you don’t need to worry too much about malware on your mobile. According to Verizon's 2019 Data Breach Investigations Report, mobile malware is the least common point of entry in data breach incidents. It is other problems like phishing, data-leakage and poor security that might lead to your downfall.
Phishing is trickier to spot on mobile devices because mobile email clients and messaging apps have a habit of shortening names, links and URLs. It may seem like an unnecessary extra step, but the best way to safeguard yourself is to always check the full name of a contact, their email address or URL. The best phishers change these by just one or two letters, so look out for commas in odd places or barely-there misspellings.
Be wary of any message or email that requires urgent action. And if you’re making a payment you can avoid problems by always double-checking bank details by phone and by going directly to a bank’s website instead of clicking on links in emails.
We often assume that apps are safe to use if they have come from a reputable source like the App Store or Google Play. Unfortunately, that’s not always true. Take a good look at the apps that can access your data and consider using a mobile threat defence app to scan for dodgy in-app behaviour or weaknesses that might allow others to target you. Mobile threat defence apps target processes which can result in data leakage and block them. But be warned – these can drain your battery.
When it comes to human error it can be a bit more difficult to prevent. There are apps and extensions out there that can help, such as the Hold your horses email extension, that prevents you from emailing the wrong client.
You’ve probably heard it all before, but good password management is key. Minimise risk from loss and theft by using a PIN or password on all company devices, so even if they are lost you can be confident that nobody can access them.
Even better, use biometric security features if you have them and check if your phone or tablet has any secure file storage for important work documents. This means you’ll have a second layer of protection should anyone get into your phone while it is unlocked.
Most importantly, try not to reuse the same password across devices and accounts, and absolutely don’t mix up your professional and personal passwords. There’s nothing worse than finding both your home and work data compromised because of one weak link. If you struggle with remembering your passwords try using a password manager like LastPass or Bitwarden to keep on top of them.
Done all of the above? Fantastic! But remember that cybersecurity should go further than your phone. If you want to be really sure that your information is secure when you are using a mobile device, make the most of two-factor authentication to ensure only authorised people can log on to your sensitive systems.
Using unfamiliar Wi-Fi? A Virtual Private Network (VPN) will encrypt any information you send or receive, ensuring your data is less vulnerable to interception.
You can even go the whole hog and get your own mobile Wi-Fi device, like Vodafone’s Gigacube, so you don’t have to take that risk when you travel for work. Not only does it mean you and your colleagues will have your own source of Wi-Fi wherever you go, but you know that any connected IoT devices are using a secure network with protection that you have set up yourself.