Pages

Categories

Search

 

Cybersecurity Protocols to Implement in an Always-Connected Workforce

by
November 22, 2016
CTOvision
No Comment

Carol M. Evenson

computer-keyboard-1188763-640x480-1It used to be that workers would come into the office, sit at their desk, work for eight hours (with a break for lunch in there somewhere), and then go home. Now, however, work is moving out of the office and into, well… everywhere else. With teleconferencing, smartphones, cloud computing, and a long line of other mobile technologies, today’s workforce has evolved. Workers are used to always being on the go.

For that to be possible, though, they need to be able to access their work data from anywhere. The world has adapted to the point where that “always connected” mentality is necessary. The problem with being able to access your data from anywhere, though, is that other people can find ways to access that data, too—people you don’t want going through customer information, company financial records, and other secure data.

Security provider Blue Coat reports that the average data breach costs an organization $10,000, with some breaches being more commonly reported in the tens of millions. In order to lower the risk of such a breach, it’s wise to put security protocols in place and map the process out on in a step-by-step format via workflow management software for the entire organization to see. Here are a few protocols you should keep in mind when creating this process internally.

Install malware protection software

Mobile malware used to be uncommon, but its popularity is growing. In the past, it was difficult to infect an Apple mobile device with malware, because it required the user either to actively download an infected app from Apple’s store or to jailbreak their phone in order to install their own unauthorized apps. In 2015, however, it was discovered that attacks using XcodeGhost and YiSpecter did not require those same vulnerabilities. To counteract these and similar threats, companies should make sure that any device employees use to access the company’s network or records has malware protection installed.

Update apps as soon as possible

Cybercriminals are working day and night to find and exploit new vulnerabilities, and the people who built the apps they are attacking are working just as hard to fix those vulnerabilities. Get your employees in the habit of keeping all apps on their phones, laptops, and other devices they use to connect remotely in order to remain protected against breaches.

In the same vein, enforce a policy that regulates which apps employees can and cannot download or access using the company network.

Require a PIN/passcode for all mobile devices

girl-with-smart-phone-1616794-639x426Criminals looking for secure data may not even need malware if they can get their hands on an employee’s mobile device. Whether the employee has stored the secure data on their device or regularly uses it to access the company network, it presents a vulnerability. The first step to closing this security gap is a simple one—require all employees to utilize a PIN or passcode in order to unlock the phone. Make sure that it is a secure password and that it locks within five minutes.

When it comes to passcodes, longer is generally better. A four-digit PIN means there are 10,000 possibilities, but professional hackers won’t be deterred. On iOS, your employees can go into settings and turn the “Simple Passcode” setting to Off.

Set up devices for remote wipes

If one of your employees actually does lose their phone—whether it was stolen or misplaced—you don’t want that data to be outside of your control. If all else fails, you need to be able to take that information out of the wild. Set up your devices so that, in an emergency, you can access it remotely and wipe all of the data stored on it. Depending on the type of device your employees are using, this might require you to download a special app, or it might come as part of the standard suite. With the remote wipe enabled, a lost device will still be the loss of an asset, but it won’t necessarily become a security breach.