8 for ’18: Checklist To Secure Your Corporate Network From Mobile Device Risks

8 for ’18: Checklist To Secure Your Corporate Network From Mobile Device Risks

8 for ’18: Checklist To Secure Your Corporate Network From Mobile Device Risks

Hackers love that we are connected outside the office environment more than ever. Mobility brings greater vulnerability to the corporate network the moment employees check email on phones, connect laptops to public WiFi. Having a good policy in place and exercising extra vigilance is key. Take our quick checklist test to see if your firm is covering all the bases for mobile device security.

  1. Encryption

At Options, we advocate that all user laptops leverage full disk encryption. This makes it nearly impossible for any hacker to access the information without knowing the individual encryption key – so even if they get their hands on the device, they can’t do much with it!

How does Options Encrypt? Windows Bitlocker

  1. 2 Factor Authentication

One password just doesn’t cut it anymore. Widely available “common password” lists are available online for use in brute force attacks. While complex passwords have been introduced to combat that, in truth, the more complexity required the more chance you have of the user just writing it on a sticky note on the laptop itself. Having that extra layer of security renders login credentials useless on their own, and protects your data.

How does Options implement this? Duo Security.

  1. Patch Compliance

In addition to a robust patch cadence, make sure each device is 100% compliant with all patches deployed. Given that 90% of exploits occur in the 90 days after a software update is released, we recommend finding a solution that can also patch devices when off the network.

So for those mobile employees that may not be connected to the corporate LAN when the next patch cycle runs, you can still patch the device remotely and have the reports to check compliance. For those devices out of compliance, additional controls can be put in place to block users from logging into the domain (such as disabling computer objects, posture assessment, etc).

How does Options stay up to date with Patches? Ivanti Patch For Windows agent.

  1. Up-To-Date AntiVirus

Having current software versions and virus definitions are critical to ensuring the latest security updates are implemented (in fact, Microsoft has recently made anti-virus compatibility a prerequisite for all Windows security updates). Like patch compliance above, having the ability to update virus definitions on devices off the network is key. This should be supplemented with accurate reports so you know if there are problems.

How does Options comply? Trend AntiVirus

  1. Mobile Device Management

One of the best ways to secure mobile devices is to use a Mobile Device Management (MDM) solution. This will allow proactive security to be enforced, e.g. encryption, as well as reactive capabilities, e.g. remote wipe and geolocation for lost or stolen devices!

How does Options comply? MobileIron

  1. Corporate 3G/4G Dongles & VPN & for Internet Browsing

Everyone by now is aware of the inherent risks associated with connecting over public WiFi and Bluetooth, but secure connections can still be possible on the go. By tethering laptops to their phone or 3G/4G WiFi dongle, your mobile employee can avoid connecting to public hotspots entirely and keep other unwanted connections at bay.

By additionally enforcing a corporate VPN to access the internet, all that user traffic traversing the public domain will be encrypted and therefore less susceptible to data compromise. You’ll also be availing of additional protections your company uses such as web filtering to avoid exposure to malicious sites, for example.

With the recent Krack WiFi vulnerability, this should be bumped up on the priority list!

How does Options implement? Fortinet VPN.

  1. Avoid Public Charging Stations

Who doesn’t love the convenience of a charging station in the airport as a laptop or phone runs out of juice? User beware – hackers are on to this too! As tempting as that USB port may be as the low battery warning flashes on a client call, your users should keep that device under her control by plugging a charger directly into an electrical outlet.

  1. Last But Not Least, User Awareness Training!

Common sense abounds: continue to check WiFi/Bluetooth settings; disable when not in use; use secure protocols (HTTPS, SSH, SFTP), shut down laptops rather than using standby.

Most importantly, be cognizant that hacking the device is not the only danger. Sensitive corporate information can be surreptitiously captured outside the office from recording phone calls to taking screenshots of data on an open laptop so be mindful of your environment and use privacy screens in public places.

Hackers are inventive – they are always looking for new ways to exploit today’s technology so stay current and alert employees as each new security risk is exposed.

— John Gracey, VP Cybersecurity

Leave a Reply

Your email address will not be published. Required fields are marked *