Companies and organizations routinely face security threats, especially on their intellectual property, information or financial assets, and even in their ability to conduct business. If an attack is successful, it brings with it a chance of financial loss, legal or regulatory infractions, or damage to the reputation of the company.

The best way to deal with these attacks is by limiting exposure to unwanted or uninvited access, securing a system against invasion and imposing what’s often called “defense in depth”, which requires building multiple layers of protection around valuable stuff. When this is in place, if one layer gets breached, the attackers aren’t automatically granted access to everything.

For companies with employees and contractors who use their mobile devices to access organizational systems, applications and data, security is both important and vexing.

As mobile devices are inherently moving targets that are used outside your organization’s perimeter — and, therefore, also outside your firewalls, spam and content filtering, threat management, and other tools used to keep attackers out — it is vital to utilize some of the best practices to minimize exposure to risk and loss.

That being said, there is a fine line between keeping things safe and protected, and too much security that gets between people and the work they must do.

Although it’s challenging and comes with some costs, here are the best practices for establishing a security-first business smartphone policy. All of these are designed to help reduce the risk of loss or harm to your company or organization.

1. Install and Update Anti-Malware Software

For years, Windows, MacOS, and Linux have been targets for malware. But, increasingly, other mobile operating systems such as iOS and Android are also being threatened.

Any member of your firm who uses a mobile device to access the Internet must install and continuously update anti malware software on their smartphone or tablet.

2. Secure Mobile Communications

It is commonly known that wireless communications are easy to intercept and intrude on. For this reason, all mobile devices that are part of your business should be encrypted.

In fact, it is highly recommended that all business smartphones require the use of a virtual private network (VPN). VPNs not only include strong encryption, but they also provide opportunities for logging, management and secure authentication for users who need to use a mobile device to access services, applications, or remote desktops and systems.

3. Demand Strong Authentication, Adopt Password Controls

No longer is a straightforward account and password enough for your security-first business smartphone policy. All employees’ mobile devices should include multiple forms of authentication to ensure that the mere possession of a device doesn’t automatically grant access to valuable systems and information.

As part of your policy, consider whether the danger of loss and exposure is so great that you want to require that after a certain number of failed login attempts, the device should wipe its internal storage clean.

4. Command Third-Party Software

If your firm issues mobile devices to its employees, then you should establish policies to limit or block the use of third-party software. Prevention is better than cure, and this is the best way to prevent possible compromise and security breaches from an intentional or drive-by installation of rogue software.

If you have a Bring Your Own Device (BYOD) policy, the safest course of action is to require employees to log into a remote virtual work environment. While in this environment, only the screen output from work applications and systems will go to the mobile device. Then, once the remote session has ended, the data won’t be saved on the phone.

Remote access has to occur through a VPN connection, so this strategy also ensures that communications are secure and gives companies the ability to implement security policies that prevent the downloading of files to mobile devices.

In addition to mobile security, your firm needs to focus on strengthening all of its security infrastructure and upgrading to a service like Kaspersky Internet security mobile on top of your smartphone Internet package.

By taking the appropriate steps to shield against loss and mitigate risks, your employees will still be able to take advantage of the marvellous benefits that mobile devices can bring to the workplace.