Mobile working has become a necessity for many businesses, and this has been supported by advancing technologies.
It’s a great benefit, but it’s important for all businesses to realise that while employees might leave the office behind, security should not do the same thing.
Having both the right policies and security software should all be part of the same plan to keep your company safe.
Educate your employees
Employees need to know what to do in an emergency, such as if their phone or laptop is stolen. Quick action is often the difference between preventing a further breach and suffering more damage.
Staff should also know simple tricks to keep data safe. Making sure that they’re not being watched when entering passwords, such as by sitting with their back to a wall, is good advice.
Security policies should be set so that laptops are locked the second their lids are closed. Employees should be trained to close laptop lids when they’re not working.
These two policies ensure that an opportunistic theft does not turn into a data breach.
Add protection to every device
Every single device that a remote worker uses should conform to the security policy that your business has defined.
This means ensuring that all devices have the required internet security software installed on them, regardless of whether it’s a company-provided or personal device.
Security policies should be enforced on all devices, including requiring long passwords to access laptops. Your IT systems should have two-factor authentication enabled, too, requiring users to enter a unique code alongside their password. This ensures that if a password is stolen, a hacker still can’t access your systems.
No one wants to repeat the Staffordshire University debacle of 2014 when a laptop containing details of 125,000 students was stolen from a car.
Employees need to be trained to avoid such errors, and to take the right steps to limit the damage if such a breach does occur.
Help prevent theft
Theft of devices is a huge problem. According to a report by Code 42, a laptop was stolen every 53 seconds in US airports during 2014.
That’s a staggering amount of laptops that go missing every year, and you don’t want your equipment to be adding to those statistics.
Aside from educating your employees about the threats and telling them to keep their IT kit close to them at all times, you can help out with additional products.
Kensington locks are a good idea for laptops, as they can secure a laptop to a table or chair, stopping the opportunistic thief from being able to make a quick getaway.
Implement tracking and remote-wipe
Laptops and phones will go missing or get stolen, but it’s important that your company is positioned to deal with this threat quickly.
Tracking software is a good starting point, either provided by a device, such as Find my iPhone, or through a third-party vendor. This kind of software will let you find a device as soon as it is connected to the internet.
More importantly, you should implement remote-wipe software, allowing your IT department to clean out a laptop or phone in the unlikely event of it being stolen. Once the command has been sent, the stolen device has to be connected to the internet to be wiped.
Turn to the cloud
Cloud services are brilliant, and the connections can be secured to just as high or higher a level than if the data or applications were stored on-site.
Where possible, all documents, files and emails should be stored in the cloud. This ensures that if the laptop or phone is stolen, then the data is still safe and can be retrieved.
Encrypt everything
Hard disks on laptops should be encrypted, so that if the computer is stolen and the storage is physically removed, no information can be stolen.
Use VPNs
It’s likely that mobile workers will have to use hotspots and hotel Wi-Fi to get online at some point. The problem with these kinds of networks is that you cannot control how secure they are.
When your users need to access your company directly, a virtual private network (VPN) is a must. A VPN encrypts all network traffic, preventing anyone eavesdropping on it.
An investigation by a British TV company last year showed how easy it was for hackers to access huge amounts of personal data from mobile phones by using a device that forced devices to switch from a legitimate public Wi-Fi spot to his own fake one.
The same applied to Bluetooth hackers who used their devices to access nearby laptop and mobile users without their knowledge.
Avoid shared computers
Your employees should avoid public computers, such as those in internet cafes, for anything critical.
There’s no telling what is installed in the background, and many have been found to have keylogging malware installed. This type of malware records keystrokes, letting hackers steal passwords.
Be wary of USB devices
Users should not be plugging unknown USB drives into their computers, as they don’t know what they might be infected with. Although less common now, USB viruses are still highly prevalent.
Following these steps will allow your organisation to take advantage of mobile working while keeping sensitive company data fully protected.