Business today increasingly relies on a remote workforce, designed to provide flexibility, global reach, and access to employees and freelancers at any time from any device. While remote mobility has been a valuable asset that helps companies succeed, the strategy also leads to a greater risk of cyberattack.
As businesses use more remote devices to connect to networks and access data, companies must take steps to protect their critical infrastructure. When working in an office and directly connected to a network, employees are using devices that are enveloped in multiple layers of protection. When devices leave the network perimeter, new threats come into play.
Alan Helbush, a Bay Area IT Services provider offers 13 tips for maintaining cybersecurity.
1. Develop Policies
Companies need to develop policies on the use of devices and network access, especially if the business uses a bring-your-own-device policy. These policies can be enforced with administrative and technical controls.
2. Avoid Public WiFi
While the ability to tap into a network in an airport, coffee shop or other public place is convenient, it also exposes devices significantly. For one, other people are connected to the network and, with no firewall between devices, hackers can mount attacks from across the room. Second, observers on the public network or any other public network that data hit on the way to or from the workplace can look at your traffic.
3. Patch and Update
Software and hardware vendors are constantly upgrading and updating their products, which can be automatically delivered to your device-holders. A failure to update is one of the most common causes of a cyber hack.
4. Don’t Share and Keep an Eye On ‘Em
Employees should not share devices with friends, coworkers or visitors. Devices should automatically lock when inactive for even a brief time. Mobile devices, like luggage in an airport, should never be left unattended in public or a vehicle.
5. Insist on Strong Passwords
Password policies are an important defense. Consider policies that call or complex passwords or passphrases that require combinations of uppercase and lowercase letters, numbers and special characters. Set timeframes for when passwords need to be changed. Also, consider using two-factor authentication for applications and access to files. Two-factor authentication uses a known identifier, such as a password, and an unknown identifier, such as a one-time-use code that is texted or emailed.
6. Log Out
Remote users should be encouraged to log out of all applications, websites and accounts when working remotely. Unclosed sessions online are like leaving your door to your house open, inviting thieves to walk right in and steal.
7. Turn Off Connectivity
When you’re not using WiFi or Bluetooth connectivity on your mobile device, deactivate these features. If you need to send anything confidential or sensitive or connect to your office, use a virtual private network (VPN) connection, a personal hot spot or a private, password-protected WiFi network.
8. Restrict USBs
You should only connect company-issued USB drives to a mobile device. Other devices can contain unexpected risks. If you’re using a public phone charging station or other unknown USB charging port, such as at an airport, you should use a USB data blocker to restrict unwanted data exchange and block malware.
9. Beware of Phish
Phishing attacks are a common way of gaining access to credentials, devices and networks. IT consulting companies share that phishing emails usually are built to look like an official email but can contain attachments or links to websites that put malware on your device. Remind employees to never send passwords, names, addresses, credit card information or other credentials over email.
10. Prepare for the End of Life
Be sure your company has a procedure for the disposal of obsolete devices. There should be secure disposal practices that include comprehensive wiping.
11. Insist on Work Data Policies
Your company should not allow employees to send work data to use on personal devices that may not have the same precautions as work devices.
12. Lock the Laptop
When not in use, laptops should be kept in locked, secure cases and storage.
13. Don’t Use Public Computers
Using a hotel business center computer or library computer is a huge risk and should be discouraged or forbidden by policy.
IT Companies want you to understand these tips that will help employees use mobile devices safely while working remotely.