Our next topic for Nation Cyber Security Awareness Month (NCSAM) focuses on another area of concern for business security. With around 235 million people using a smartphone in the United States, it is important to have a Bring Your Own Device (BYOD) Policy in place to help protect your IT infrastructure. Allowing employees to use their personal devices – such as cell phones, tablets and laptops – to access work-related data in the office or out in the field boosts productivity and cuts costs for businesses by not having to purchase the devices themselves. But it also opens your network up to all forms of cyber attacks.
Make Sure Employees Practice Safe Device Habits
Even though employees are using their own personal devices, it is critical that they practice safe device habits to help prevent hackers from gaining access to your network and precious business data. Giving employees a clear understanding of what is expected when using their personal devices to connect to internal networks is beneficial for them and for you. Here are a few DOs and DON’Ts that will help keep personal devices and your data safe.
- DO use a pin number, password, pattern or biometrics to lock your device – It is helpful to lock your mobile device to prevent information from getting stolen should it get lost. This will physically help protect your device from unauthorized users accessing sensitive data.
- DON’T use public Wi-Fi networks – It is common these days to go to your local café or favorite lunch spot and hop on to their free Wi-Fi network so you don’t have to use the data service through your mobile provider. But the problem with public networks is sometimes hackers use them to distribute malware or even intercept the data you are sending wirelessly. Even if the network needs a password to connect to it, it doesn’t necessarily mean it’s secure.
- DO use a VPN (virtual private network) – A VPN connection allows you to securely access private networks when using a public internet connection. So if you do find yourself in a café (as mentioned above) hotel, airport, or any other place that offers Wi-Fi, a VPN will help keep your data from prying eyes.
- DON’T download apps from 3rd party app stores – Google Play and Apple AppStore are the official app stores for Android and Apple devices (respectively). App developers must follow strict guidelines and apps are closely vetted before being added to Play and AppStore (even though malicious apps can even sneak in to those from time to time). However, there are also a number of unrestricted 3rd party app stores that may not apply the same level of scrutiny. It’s best to avoid downloading apps from these stores but if you absolutely must, do some research on the app by reading reviews and by visiting the app developer’s website.
- DO make sure apps and operating system are always up-to-date – In our previous NCSAM article, we talked about the importance of keeping IT equipment updated and patched. Mobile devices are no different. Cyber criminals target hardware and software that is outdated to infect them with viruses and steal data. It’s imperative to make sure your device’s operating system (OS) and apps are always updated to the latest version. Last year, it was discovered that a vulnerability in WPA2 (Wi-Fi Protected Access 2) allowed attackers within wireless range of a Wi-Fi network to recover data being sent using KRACKs (Key Reinstallation AttaCKs). Most device manufacturers quickly released a security update which patched the vulnerability.
Mobile Device Management
Implementing a Mobile Device Management (MDM) solution allows you to manage, monitor and secure mobile devices that connect to the organization’s network. Some of the many benefits include pushing out software updates automatically, enforcing security policies, wiping data from lost or stolen devices and monitoring network activity – all from a centralized dashboard.
Ask your IT staff what policies and tools your company currently has in place and what you may need to implement to keep your employees’ devices safe and from infecting your network. If you have any questions, feel free to give us a call! We’re always willing to help and can recommend some of the solutions we have in place to protect our Texas Systems Group BrightStar Managed Service Clients.