Cyber thieves are targeting companies of all sizes with hacking, ransomware attacks, and other attack methods, the latest Verizon Data Breach Investigation Report shows. While traditionally these types of attacks have targeted PCs, attackers are now increasingly shifting their sights to mobile platforms such as smartphones. Attacks on Android devices rose 40 percent in the second quarter of last year compared to the previous year, according to Avast data. If your company uses smartphones for business, mobile cybersecurity needs to be a priority. Here are six key tips to keeping sensitive business information on your Android device safe from cyber attacks.

1. Use company devices with built-in security

To a hacker, smart devices represent points of vulnerability on your company network, so it’s vitally important to protect yourself on this front. A good place to start is by limiting your bring your own device policy to mobile platforms with strong built-in security features. For instance, Snapdragon mobile platforms use built-in artificial intelligence to provide state-of-the-art security features such as biometric authentication and on-device malware detection.

2. Optimize your device settings

In order to take advantage of your chosen device’s built-in security features, it’s important to optimize your settings and follow best practices. Activate your phone’s screen lock option so that a strong password or biometric authentication is required to log in. Turn on your phone’s encryption option to encode your data so that it can’t be read by unauthorized users. Install the Find My Device app so you can track down your device if it’s ever lost or stolen.

3. Avoid social engineering scams

Since 17 percent of attacks involve social engineering, it’s also important for you and your employees to be on guard against this type of scam. In over nine out of 10 cases, social engineering scams employ email, typically impersonating an authorized user or an authority figure in order to access sensitive data. Attackers using this method frequently focus on workers in HR in order to get access to W-2 information, or they may target workers in finance by pretending to be the CEO.

To prevent this type of scam, train your workers not to give out sensitive information when they haven’t initiated the contact or they haven’t verified the identity of the other party. Additionally, use filters to stop common spam messages from getting through, and never click on suspicious links or attachments in emails.

4. Keep software current

Outdated software can be another point of vulnerability on mobile devices. Hackers target known flaws in old versions of software in order to victimize users who haven’t kept current with the latest security patches. Most ransomware victims have been breached due to outdated software. To avoid this vulnerability, make sure to promptly follow instructions for update notifications to your operating system as well as any apps you use. To avoid malware, only install software from official sites rather than third-party sites.

5. Use secure network connections

An unsecured network connection can expose your data to hackers. Hackers particularly favor public Wi-Fi hotspots, where they can easily intercept sensitive data being transmitted by unwitting victims. You can thwart this by only using secure connections when sending sensitive information. A virtual private network (VPN) uses encryption to make sure that only authorized parties can read data being transmitted. Similarly, you should only use secure websites when sending financial data over the internet. Secure sites will have an HTTPS prefix in their URL, indicating that the site uses encryption.

6. Back up your data

Because ransomware attacks threaten to delete your data, it’s vitally important for your security policy to include a data backup policy. A best practice is to always store at least three copies of your vital data, using at least two separate media, with one copy stored in a different physical location than your office. One way to implement this is to use a cloud backup service such as IDrive to schedule automated remote backups. For local backups, you can use an external hard drive such as the Buffalo MiniStation Extreme NFC, which stores up to 2 TB of data.

Using a device with built-in security features, optimizing your device’s security settings, transmitting data over secure connections, using current software, avoiding pretexting scams and backing up your data are six pillars of a good mobile security policy. Following these principles and training your employees to do the same will help ensure that your company’s sensitive data stays secure.