Mobile devices, such as smartphones and tablets, have become a standard operating practice for most accountants, who use them to access critical firm information and resources while away from the office.
Unfortunately, many firms take a non-standard approach to allowing these devices to connect to resources. This practice inadvertently risks a firm’s information and network.
The solution: develop a comprehensive mobile device policy and mandate adherence to security best practices.
13 tips for protecting your mobile devices
Tip 1: Mandate strong passcodes
Mobile device passwords and passcodes should be unique, avoiding home addresses, birthdays, and other easy-to-guess numbers that a thief could find out by searching the user’s online profile.
Tip 2: Don’t share access
Users shouldn’t give others access to their mobile device and should change the code after the firm’s IT support personnel do any maintenance (which they should automatically mandate if they access the device).
Tip 3: Use screen locks
Screen locks should be set up and configured to wipe the information on the device after a set number of failed attempts (usually 5-7). The screen should also automatically lock when not used for a short period of time (e.g., 1 or 2 minutes), requiring the user to re-enter the code or a biometric equivalent (fingerprint scan or face scan).
Tip 4: Report theft or loss of device
Users must contact their IT department immediately to remotely wipe the mobile device if it is lost or stolen. Or, contact the mobile service carrier if the firm is not responsible for maintaining the device.
Tip 5: Turn off geotagging
A surprising number of applications include GPS coordinates with photos, texts, or social media usage, which can tag your location with amazing accuracy. These geotags can be nefariously used to identify when the user is away from home on vacation or at a confidential client meeting (providing the exact office address).
Tip 6: Update software and apps
Make sure the smartphone is set to automatically update the latest versions and patches of the device’s operating system (e.g., Android, Mac iOS) and applications (including a firm-recommended antimalware program). It is also important to educate users to run any update that includes a security patch as soon as possible.
Tip 7: Encrypt data
Users should be shown how to verify that data encryption is turned on on their mobile devices. While most current smartphones have this feature automatically set up, older legacy smartphones did not mandate this, so users should be shown how to update the operating system and turn on encryption.
Tip 8: Automatically sync/backup device
Smartphones can be dropped and broken, lost or stolen, so their data must be protected. The best way to do this is to automatically back them up. Be sure that the backup system’s standards on encryption and passwords follow the firm’s standards.
Tip 9: Don’t share personally identifiable information (PII)
It goes without saying, but users need to be reminded not to send texts or emails with any confidential client or personal information such as bank accounts, passwords, or social security numbers, including information captured in photographs or attachments.
Tip 10: Avoid Wi-Fi for sensitive transactions
Personnel should be trained to utilize the smartphone’s mobile hot spot rather than Wi-Fi for securely accessing firm data, doing online banking, or shopping where the user’s bank account or credit card information may be entered. Always verify you’re on a secure connection when entering any sensitive information (https: or shttp: should be in the website address header). Users should also disable Bluetooth and not select auto-connect to Wi-Fi, which minimizes the risk of accessing malicious connections to the internet.
Tip 11: Use reputable application stores
Personnel should only download applications from authorized providers, such as Google Play for Android or the Apple App Store for iPhone programs. This minimizes the risk of downloading clone applications that provide free versions of popular applications but can be rife with ransomware that will make your data inaccessible or malware that captures your login name and password and monitors all your activities.
Tip 12: Review applications before installing
Be sure to search comments and ratings on applications before installing them on a mobile device. This may tip users to hidden pitfalls as well as help the user better understand what the application does and what the vendor does with the information.
Tip 13: Don’t allow “jailbroken” or “rooted” phones
Jailbreaking is a term to describe Apple iPhones (rooting describes Android devices) that have been modified to work on different carriers or to add features not allowed by carriers. Rooting and jailbreaking override the security features within the operating system of the smartphone, compromising the device and usually voiding the warranty.
Secure your devices, protect your firm
Mobile devices are an important addition to an accountant’s arsenal of business tools and applications and will become increasingly important as the profession becomes more global and mobile. It is the responsibility of all users to ensure that these tools are securely and properly utilized.
