Cyber security is a hot topic these days and digital breaches are seen as another form of terrorism. With globalization and technology ever-changing, it is inevitable that workforces will become more and more mobile, putting companies at higher risk of a potential breach. So, how do you combat the cyber security war within a mobile workforce?
Here are 4 ways to combat cyber security threats:
Mobile software and hardware setup
Just like server security, there are a few ways to protect your data on a device. Using antivirus software to eliminate any Trojan or other spying viruses will keep you relatively protected behind the scenes. Use all available OS options to lock ports and data connections to restricted IP addresses. In this area we try to prevent the user from connecting to potentially harmful sources or opening harmful files (block social media or private emails). The device in service should be locked down as much as possible; this can be done with the network firewall options or a proxy.
Never keep sensitive info on the device
Every time customer information is entered on a device or a signature is captured, information is transmitted to the server. At this point all local files or records should be removed from the device securely. Even if information is encrypted on the device, it is sensitive, is no longer relevant to the mobile user, and should be removed. Devices should only hold sensitive information for a very short time. It is always possible to retrieve this information (or part of it) from the server at a later time. Sensitive information can include credit card details, address, telephone, images of signatures and even log files.
Encryption of all data locally
Devices are highly sensitive to physical access as they are small, easy to misplace and easily stolen. If a device falls into the wrong hands, the physical hardware (hard disk) can be accessed and scanned. All data stored locally must be encrypted so that any unauthorized access to the device data will not result in a data access breach. A data breach can occur not only when a device is lost or stolen but also through scanning viruses and other malicious software.
Use secure networks over VPN connections using SSL
Most organizations allow users to connect to the internal network and access private resources, but a mobile user outside the premises on a public network service such as 3G or WiFi is not actually connected to the private network. Using a VPN (Virtual Private Network), the user, although remote, is connected to a private network, accessing all resources and hidden from public view. SSL encrypts the communication in transit, so the packet transmission is more secure than it would be if sent as clear text, even if someone gains access to it. There should be no access to internal resources without a VPN.
Closing all public networks and WiFi connections
To be on the safe side with mobile distribution, it can be considered safe to allow only specific network connections or just one mobile provider. If a device is connected to any public WiFi network, the network has tracking information (the MAC address) on the device, and other information can be extracted (from an unprotected device). Some companies are even making it policy that commercial mobile devices should not connect to any public network whatsoever.
Employ restricted access policy
Users see only what they need to see. On many mobile devices users also have access to internal resources like email, shared files and so on. It is important to separate the access a user has from inside the network (from a desktop on a LAN) from the access the same user has from a mobile device. Even on a VPN, the authorization should restrict the user's access by the connection source as well. For example, users can access their emails but cannot access the shared file drive from the mobile device. This may seem restrictive, but if a mobile device is breached, the hacker or intruder will have access to internal resources which otherwise could only be accessed on location (in the office).
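The sketch below is an added example, not code from the original article. It shows one way to combine the "no access to internal resources without a VPN" rule with the restricted access policy, so that a request is granted only when the user is entitled to the resource and the connection source permits it. The subnets, resource names and sample requests are constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption, not from the article).
OFFICE_LAN = ipaddress.ip_network("10.10.0.0/16")       # desktops on the LAN
MOBILE_VPN_POOL = ipaddress.ip_network("10.99.0.0/24")  # addresses given to mobile VPN clients

# Resources each connection source may reach; anything not listed is denied.
ALLOWED_BY_SOURCE = {
    "lan": {"email", "shared_files"},
    "mobile_vpn": {"email"},  # email yes, shared file drive no
    "public": set(),          # no internal resources without a VPN
}

def classify_source(client_ip: str) -> str:
    """Map a client address to a connection source; malformed or unknown is 'public'."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "public"
    # Check the VPN pool first so it can never be mistaken for the LAN.
    if addr in MOBILE_VPN_POOL:
        return "mobile_vpn"
    if addr in OFFICE_LAN:
        return "lan"
    return "public"

def is_allowed(entitlements: set, resource: str, client_ip: str) -> bool:
    """Grant only if the user is entitled AND the connection source permits it."""
    source = classify_source(client_ip)
    return resource in entitlements and resource in ALLOWED_BY_SOURCE.get(source, set())

def audit(requests):
    """Return (user, resource, source, decision) for each constructed request."""
    rows = []
    for user, entitlements, resource, ip in requests:
        decision = "ALLOW" if is_allowed(entitlements, resource, ip) else "DENY"
        rows.append((user, resource, classify_source(ip), decision))
    return rows

# Constructed sample requests: (user, entitlements, resource, client IP).
ALICE = {"email", "shared_files"}
SAMPLE = [
    ("alice", ALICE, "shared_files", "10.10.4.20"),  # desktop on the LAN
    ("alice", ALICE, "shared_files", "10.99.0.17"),  # mobile over VPN
    ("alice", ALICE, "email", "10.99.0.17"),         # mobile over VPN
    ("alice", ALICE, "email", "203.0.113.9"),        # public network, no VPN
    ("bob", {"email"}, "shared_files", "10.10.7.1"), # LAN, but not entitled
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Because the decision depends on the source address, the same account gets a smaller set of resources from a mobile device, which limits what an intruder reaches through a breached device.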
Train employees on the safe use of their mobile devices
Inform them of the importance of frequent password changes, of connecting to a secure network, and of which sites or apps could expose their device and employer to risk.
Make sure they know what to do in case a device is lost or stolen, how to report it and to whom.
Instill a culture of personal accountability & responsibility
Your employees are representing your organisation while they are out in the field, and this extends to cyber security vigilance. They need to ensure that client/customer details are used appropriately and that all transactions are finalized and closed down appropriately on their mobile device.
How does your organization protect its mobile workforce against a cyber attack?