Monday, 16 May 2016

Home and mobile working - ’10 Steps to Cyber Security’

Mobile working is an established fact of life today, whether you’re accessing corporate data on the move or connecting to the company network from your home. Mobiles devices now make it easier for employees to do all they need irrespective of geographical location.  

While the mobile revolution provides flexibility for employees, it also brings risks. One of which is the simple physical loss of equipment, such as a laptop left on a train, or a smartphone left in a taxi. Being able to access all documents from a single location means that, should the device end up in the wrong hands, the security can be compromised.

Blunders and lapses

Should you happen to find yourself in a situation whereby your device goes missing, do not panic. Laptop lapse can easily be dealt with by encrypting hard drives, enabling remote access to wipe data and also by using extremely robust passwords.

A more immediate danger, however, are sophisticated exploits such as mobile botnets, where multiple smartphones can be infected with a virus or Trojan type software. This can result in a network of phones being programmed for malicious activity, such as stealing credit card data or malware, burrowing into a corporate network. As mobile computing becomes increasingly commonplace, hackers are also increasingly drawn to it.

World of many devices

In terms of home and mobile working, organisations need to secure and manage operating systems in a world of mixed-use devices, while at the same time incorporating identity, context, and privacy enforcement to set the appropriate level of access to enterprise data and services.

Organisations need to address three areas: device management, application management and content management.

In terms of device management, organisations need to be able to secure and manage a diverse range of mobile devices, automatically enable enterprise settings such as Wi-Fi and VPN, as well as providing end-users with secure access to corporate email.

With application management, a business should aim to deliver, secure and when appropriate, retire mobile apps. This provides IT with the ability to manage the application life cycle from making applications available to employees, securing applications on the device and when necessary, containerising corporate apps to keep them separate from personal apps.

Content management is the ability to enable end-users to securely access and manage enterprise documents that are kept in different content repositories, whether on-premises servers or in the cloud. It’s also important that corporate email attachments are encrypted. Ideally, users should also be able to securely browse corporate Intranet content without the need for a device-wide VPN.

Importance of policy

Policy guidelines also need to be in place in order for a business to dictate actions. For instance, if a mobile device falls out of compliance, IT can define remediation actions that will either notify the user of policy violations or remotely wipe corporate information.

In addition, stating how an employee should connect to the corporate network can also help with security. Connecting to a corporate network via secure socket layer virtual private networks alongside a two-factor authentication for identification will also ensure privacy and protect corporate data.

No comments:

Post a comment