Securing data held by mobile devices is largely reliant upon technology, and a recent report by the Federal Trade Commission (“FTC”) takes aim at how that technology can be both improved and better utilized. The report, published in February 2018 and titled, Mobile Security Updates: Understanding the Issues, presents findings based upon information requested by the FTC in 2016 of eight mobile device manufacturers: Apple, Inc., Blackberry Corp., Google, Inc., HTC America, Inc., LG Electronics USA, Inc., Microsoft Corp., Motorola Mobility, LLC, and Samsung Electronics America, Inc.

Generally speaking, the FTC in the report recommended that both the devices themselves as well as their corresponding support services need to do a better job of addressing consumers’ security concerns. Security updates need to be deployed quicker and more frequently, but consumers also need to know when – and when they are not – covered by services providing these updates. The report further recommends that manufacturers provide a minimum period during which security updates are to be provided, and make that period known to the consumer prior to purchase. The report found that some manufacturers do in fact provide substantial security support, but little to no information is provided on the topic prior to purchase. It was also recommended that manufacturers consider providing security updates that are separate and distinct from other updates that are often bundled together in one package.

Providing security support services by way of software updates is only valuable, however, so long as consumers take advantage of them. To this point, the report recommended that government, industry and advocacy groups work together to educate consumers as to the importance of installing security updates as they become available. It was further recommended that manufacturers improve record keeping as pertains to update decisions, support length, update frequency, and the rate at which consumers bother to download and install the updates, all with the goal of improving upon past practices.

Takeaway for Small Businesses

The FTC’s mobile security report is intended to bolster consumer protection, however it is also relevant for small businesses and their use of mobile devices in the workplace. Many small businesses do not have the resources to implement their own mobile security measures, and thus rely heavily on the mobile device manufactures to ensure a certain level of security. Moreover, small businesses often allow for a bring-your-own-device (BYOD) policy, which permits employees to bring and use personally owned devices in the workplace. While a BYOD policy helps a small business save on device and carrier costs, it also increases the likelihood of security threats to the business.

Although small businesses should not rely entirely on the security measures provided by mobile device manufactures, improved security updates and support services as recommended by the FTC’s report will certainly be beneficial to small businesses that do not have resources to invest in security measures. That said, just as the FTC advises consumers to take of advantage of the security software updates, it is imperative that small businesses, particularly with a BYOD policy, act prudently with respect to mobile device security measures available to them by the manufactures. For more information on BYOD key issues and policy considerations, visit Jackson Lewis’s “Bring Your Own Device” BYOD Issues Outline. Mobile device manufacturers are in a constant race to stay ahead of those seeking to expose vulnerabilities. Issuing frequent updates is crucial for security, but ultimately, it is just as important that consumers and businesses that rely heavily on mobile device manufacturer securities measures, understand their role in the process.