Your Exchange server can be configured to enforce minimum security requirements, so that a device that attempts to connect but does not meet those requirements is not allowed access. Firms must regularly review their system configuration policies to ensure that precautions are being implemented to protect the firm's shared data.
Here are possible minimum requirements every business in Canada must have:
- PIN required to access phone: A 4-digit minimum must be required, but the longer the PIN, the more secure it will be.
- PIN timeout: It's important to set a maximum idle time before the PIN must be entered again. This ensures that if the device is left unattended, unwanted onlookers will not be able to access the firm's information. The allowable range is 0-60 minutes; 0 means a PIN must be entered every time the phone is turned on.
- Failed login attempts before wipe: A maximum number of attempts to enter the PIN must also be set. This can go from 4 to 16 attempts. This means that after 16 failed attempts to enter the correct PIN, the phone will automatically be wiped of data and reset to factory default settings.
- Encryption: Enable encryption on the storage card if the option is available.
If you have not implemented these measures yet, here are some recommendations to consider for maximum information security:
- First, you must inform the employees of the importance and urgency of the changes you're going to implement. You can have everyone sign a mobile device security policy to ensure that the protocols are observed.
- Have the phones and devices updated so that they meet the necessary requirements. For encryption, all iPhones running on iOS 7 and up are encrypted by default. Android phones have no problem with encryption settings.
- Once you have confirmed that the phones meet the minimum requirements, it's time to move on to updating the Exchange Server. Individual differences in PIN and PIN timeout settings cause varying security levels, but the Exchange Server will impose a fixed minimum security setting that employees cannot alter.
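As an added example (not part of the original article), the following Exchange Management Shell script audits existing mobile device mailbox policies against the minimum requirements listed above and previews a policy that enforces them. The threshold values chosen within the article's ranges and the policy name `Firm Mobile Baseline` are assumptions; the cmdlets are those of Exchange 2013 and later.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell,
# Exchange 2013 or later. Thresholds are assumed picks from the article's ranges.
$Baseline = @{
    MinPasswordLength         = 4    # article: 4-digit minimum
    MaxInactivityMinutes      = 15   # article allows 0-60; 15 is an assumed choice
    MaxPasswordFailedAttempts = 8    # article allows 4-16; 8 is an assumed choice
}

function Test-MobilePolicy {
    # Returns the list of baseline gaps for one mobile device mailbox policy.
    param($Policy, [hashtable]$Baseline)
    $gaps = @()

    if (-not $Policy.PasswordEnabled) { $gaps += 'PIN not required' }

    # An empty MinPasswordLength casts to 0, i.e. no minimum.
    if ([int]"$($Policy.MinPasswordLength)" -lt $Baseline.MinPasswordLength) {
        $gaps += 'PIN shorter than baseline'
    }

    # These two values print as 'Unlimited' when unset, so compare as text first.
    $lock = "$($Policy.MaxInactivityTimeLock)"
    if ($lock -eq 'Unlimited' -or
        ([timespan]$lock).TotalMinutes -gt $Baseline.MaxInactivityMinutes) {
        $gaps += 'PIN timeout missing or too long'
    }
    $tries = "$($Policy.MaxPasswordFailedAttempts)"
    if ($tries -eq 'Unlimited' -or [int]$tries -gt $Baseline.MaxPasswordFailedAttempts) {
        $gaps += 'Wipe threshold missing or too high'
    }

    if (-not $Policy.RequireStorageCardEncryption) { $gaps += 'Storage card encryption not required' }
    # When true, devices that cannot enforce the policy are still allowed to sync.
    if ($Policy.AllowNonProvisionableDevices) { $gaps += 'Non-compliant devices may connect' }
    return $gaps
}

# Report every policy and its gaps (read-only).
Get-MobileDeviceMailboxPolicy | ForEach-Object {
    [pscustomobject]@{
        Policy = $_.Name
        Gaps   = (Test-MobilePolicy -Policy $_ -Baseline $Baseline) -join '; '
    }
} | Format-Table -AutoSize -Wrap

# Preview a baseline policy; remove -WhatIf to create it. The name is hypothetical.
New-MobileDeviceMailboxPolicy -Name 'Firm Mobile Baseline' -PasswordEnabled $true `
    -MinPasswordLength 4 -MaxInactivityTimeLock '00:15:00' -MaxPasswordFailedAttempts 8 `
    -RequireStorageCardEncryption $true -AllowNonProvisionableDevices $false -WhatIf
```

A policy takes effect for a user only once it is assigned to the mailbox or marked as the default, so check assignments after reviewing the report.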
There are also third-party options available, like Good Technology and MaaS360. They can be used for separating firm and personal data. This is especially helpful to those who have a BYOD (Bring Your Own Device) policy. However, it can also pose a challenge, as it requires the use of "firm apps" to access emails, contacts, and calendars, and these do not work as seamlessly as native applications.
Thinking about a BYOD policy in your Canada business? We can help. NSI works with many businesses across Canada to help ensure their mobile computing is very secure. Have questions? Give us a call at (403) 984-9001 or (780) 800-0644 or email us at firstname.lastname@example.org.