How Companies Can Stay Secure When Introducing BYOD Policies

By | September 23rd, 2016|Business Security|

CSIDBring your own device (BYOD) policies continue to grow in popularity. Employees and employers alike are enjoying the flexibility of using their own devices for work, so much so that we’re starting to see the workplace itself evolve. While we’ve seen many benefits to these policies (productivity, cost savings), it’s important to note that creating a BYOD policy without security in mind may put company data at risk.

BYOD policies may mean an increased risk for employee error. For example, a recent survey found around 40 percent of respondents said they never change their passwords on devices except when prompted to do so. Forty percent also said they use the same passwords across multiple websites. Such poor employee password habits can leave the door wide open for criminals, as we demonstrated last year, when hackers were able to infiltrate our fictional small business, Jomoco, in less than an hour.

However, a thorough understanding of the strengths, preferences and limitations of the average employee can address these security gaps. Here are best practices and recommended tools to implement effective BYOD security measures for your company:

BYOD best practices:

  • Develop a BYOD policy in partnership with IT, risk management, and legal counsel. Keep an open line of communication with IT so they can quickly communicate new and emerging threats of which employees should be aware of.
  • Educate employees on BYOD security best practices regularly. It should never be assumed that your employees understand all the guidelines spelled out in your policy.
  • Require your employees to create long, strong and unique passwords, and encourage employees to take advantage of two-factor authentication wherever possible.
  • Require that employees password protect their mobile device if it hosts company information.
  • Require your employees to update their software on devices when prompted. These updates typically address security vulnerabilities.
  • Require that employees quickly report any lost or stolen devices. Swift response allows you to mitigate the risk of sensitive information falling into the wrong hands.

BYOD tools:

  • Use a secure alternative to open Wi-Fi networks. Provide employees with access to a VPN or hotspot.
  • Create and provide standard antivirus, anti-malware protection for all types of devices.
  • Consider enlisting the support of a proactive monitoring service for your company. By proactively monitoring for employee credentials on the dark web, businesses can determine when an employee’s personal information may have been compromised.

As a closing thought, always keep in mind that threats are constantly evolving, so a good BYOD policy is never complete. Just like any business process, BYOD polices should be reviewed and updated on a regular basis.

To stay up to date with all business security news, be sure to follow us on FacebookTwitter and LinkedIn.

 

Cybersecurity Tips for Working Remotely

By | September 16th, 2016|Business Security|

CSIDFor 3.7 million Americans, waking up and logging onto a computer from the comfort of their home marks the start to their workday. According to Global Workplace Analytics’ 2016 study, 50 percent of the US workforce is now permitted the luxury to partially telework during the workweek. This trend continues to edge toward the norm. In fact, the ability to work remotely, for the greater, non-self-employed population, has grown 103 percent since 2005.

While more opportunities to work remotely may reflect the emerging modern workplace, there are several factors employers and employees should weigh and discuss to ensure security is top of mind.

If your job allows employees to work remotely, consider the following:

Employees: Protect Your Home

  • Use strong, cryptic passwords on all of your work and personal accounts. Resist the urge to duplicate passwords.
  • Use two-factor authentication whenever offered for both work and personal accounts.
  • Personal and work devices should be equipped with the latest antivirus software, web filtering, firewalls, and encryption. Always make sure your devices and software have the most up-to-date versions to help safeguard information.
  • Work with your company’s IT department to set up a virtual private network, or VPN, to add another layer of security to your home’s internet.

Employees: Working Elsewhere

  • Employees should keep personal and work devices password protected in the event they are stolen or misplaced.
  • Avoid accessing sensitive company accounts on public Wi-Fi or unsecured networks. Public Wi-Fi can increase the risks of signal sniffing and compromise personal accounts, as well as professional networks. Many hackers set up accounts that mimic the names of frequented locations, hoping to steal from unknowing users. Consider using a VPN to access company data, or using your cell phone as a hotspot.
  • Be aware of your surroundings. Consider a screen protector and make sure sensitive calls are made in private.

Employers: Create a Cybersecurity Policy for All Employees
To help foster a conversation and environment committed to cybersecurity, organizations should create a cybersecurity policy and make staff training and security education a priority. In a recent episode of Firewall Chats, Michael Kaiser, executive director at the National Cyber Security Alliance, discussed creating a culture of cybersecurity at work.

“[Policies need] to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”

To create a cybersecurity policy:

  • First, identify the security risks and threats that may affect your business
  • Develop clear policies and procedures for all employees, whether on-site or off-site
  • Train all employees on your new (or existing) cybersecurity policies
  • Create and maintain a process to help reward policy followers and address offenders
  • Define and address third party and vendor risks
  • Work closely with your IT department to detect and address unauthorized activity

Creating a culture of cybersecurity will help safeguard employees and company data, regardless of where they work. Employees, do you have the ability to work remotely? Are you aware of the security steps needed to help keep your company safe? Share your experiences on Facebook, Twitter and LinkedIn.

 

Load More Posts