The Cyber Source blog

Cyber Security, in plain English

Mobile device security best practices: Controlling secure documents

Today, every business relies on a mobile workforce, from the CEO down. Organisations work outside of the 9 to 5 and depend of accessing business information 24/7. With the omnipresence of mobile devices and various operating systems at play, it is essential documents are adequately secured.

Security needs constant updating and requires regular monitoring, ensuring measures keep up with fast-moving technological advances. With the rapid evolution of software programs across laptops, mobile phones and tablets, hackers have turned their attention to these devices, opening the door to data vulnerabilities.

hands working on laptop

A recent study found that up to 81% of the world's foremost professional hackers could breach the cyber defences of large corporations, accessing their documentation and information in around 12 hours. Digital innovation calls for the constant assessment of security vulnerabilities and best practice methods and strategies to combat these attacks. With the increasing power of mobile devices comes new security and data loss risks.

Mobile device security best practices mitigate cyber attacks and secure your digital documents on your personal and business devices – tablets, laptops, and mobile phones – protecting them from malware (malicious software). How can you best ensure the ongoing protection of your business?

Below is advice on how to ensure the cybersecurity of your iOS, MacOS, Android and Windows devices with consistently updated methods, which include:

  • Compliance rule applications and additions

  • Future-proofing

  • Remote wipe

  • Utilising encryption and VPN programs

  • Passwords

  • Regular OS updates


Mobile Device Management (MDM) platforms such as IBM's MaaS360 provide a set of compliance rules to be applied to your mobile devices, to effectively manage documents, filing and saving. Should you feel the software require additional compliance features, the MaaS360 allows you to create and add your own rules to further enhance the protection of corporate data.

The usability of the platform affords you the options to create a stronger system to support:


  • Remote wiping of information - when an employee leaves, or if a device is lost or stolen

  • Managing and controlling different operating systems - remotely applying firmware updates

  • Compliance, protecting Personally Identifiable Information (PII), as well as identity management for business apps

  • Granular user permissions - to manage and/or restrict usage to specific users, or devices

  • Application security

  • Mobile threat management

  • OS VPN

IBM's MaaS360 dramatically simplifies the management and update of mobile devices - across iOS, macOS, Android and Windows devices. 'Over-the-Air' (OTA) device enrolment and management puts you in the driving seat of the operating system's security - to take back control of your remote workforce.


Essential from the onset, your strategy should be designed to enable your corporation/business departments to work as a team, while ensuring the protection of company information. The way forward for this is to recognise that employees freely utilise Bring-Your-Own-Device (BYOD) policy to conduct business, which calls for a unified platform that caters for ALL mobile operating systems - whether iOS, macOS, Android, or Windows devices - to maintain data protection and productivity of mobile users.

Unified data management minimises complexity of working with a wide range of operating systems. Businesses can streamline access between devices with granular rules to manage permissions and identities. With the introduction of GDPR, it is especially important to control users, or user groups of devices to manage access to corporate data and Personally Identifiable Information (PII). Permissions for individual users, specific devices or user groups is easy to manage, can be changed at will, so you retain full control of your corporate data

Remote lock and wipe

An important security feature used when an employee leaves, devices are lost/stolen, or become obsolete. The wipe option allows IT to quickly and remotely remove corporate information from specific devices, whether a company-owned mobile, or employee-owned (BYOD) device. Corporate data can be selectively erased, or a full wipe performed to restore to factory settings.

Remote wiping is applicable to all operating systems.

Utilising encryption and OS VPN programs

One of the foremost security rules is to never transmit secure data over unsecured, or public Wi-Fi. If your digital device has the option to encrypt information, then use it. The recommendation is to use 128-bit encryption, which encrypts and decrypts data by using the most secure algorithms and techniques.

However, when faced with no encryption option the best practice is to encrypt secure information using a Virtual Private Network (VPN). Available through a private VPN service purchased by your company, the software creates secure encryption passwords to transmit private data when required.

IBM's MaaS360 OS VPN feature allows you to remotely deploy, configure and manage your VPN settings, to ensure secure access to the corporate network.


Policy should dictate a mandatory and effective password policy. Password Authentication Protocol (PAP) allows for password expiration at a set time and the re-issuing of a new password. Unique passwords can be applied to specific employees thereby authenticating identity which allows you to dictate who is privy to sensitive data, during which time the password can be removed and a new one applied to maintain constant security.

Regular OS updates

Operating systems are the backbone of all digital devices, and require critical updates to patch known security vulnerabilities - the most common method exploited by hackers. iOS, Mac, Android and Windows-based devices operate with different permissions and protocols to ensure optimised configurations. Simplifying the update of firmware and software/apps is essential to quickly close the open doors to security vulnerabilities.

Software updates should be per vendor's instructions and will be specific to the operating system. Ensure processes are effective across the board with all your devices.

Solving the mobile security threats

Unfortunately, hackers across the globe are constantly at war with security technologies and processes, yet even a simple and persistent phishing program can still be effective. With over five billion mobile users across the globe, mobile devices have become the latest playground for hackers to exploit.

Identity theft, financial fraud, or access of confidential business documentation and intellectual property are just some of the unsavoury activities to keep at bay.

While cyber security seeks new ways to strengthen digital defences, the underbelly of the digital world lives to stay ahead of the game and exploit weaknesses in your mobile device systems. Part of the solution is to know your mobile device’s strengths and weaknesses.

How to safeguard your mobile users, documents and data

Improving your mobile device protection is essential and, together with a full understanding of your security protocols and practices, will help protect your mobile workforce. A well-managed Mobile Device Management platform is the first step towards taking back control of your mobile users, to secure your business information. 

As the UK's leading IBM MaaS360 specialists, Comtact Ltd. works 24/7 with the UK's leading organisations to secure help secure their critical information. Download our best practice guide to Mobile Device Management (MDM) eBook and read about how MaaS360 will keep your mobile strategy ahead of the threats - and dramatically simplify the management headache.

Mobile Device Management (MDM) Guide

Related Articles:

Comtact's UK Security Operation Centre (SOC)


About Comtact Ltd.

Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).

Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.

Explore our 24/7 Security Operations Centre (SOC)


Sign-up for weekly updates

Recent Posts

Recent Posts