Critical Cybersecurity Protocols To Implement

Uploaded on 2016-12-09 in NEWS-News Analysis, JOBS-Careers, FREE TO VIEW

Employees in the office or out and about are commonly using mobile devices, yours and theirs.  Your network is vulnerable wherever they are. 

It used to be that workers would come into the office, sit at their desk, work for eight hours (with a break for lunch in there somewhere), and then go home. Now, however, work is moving out of the office and into, well… everywhere else. With teleconferencing, smartphones, cloud computing, and a long line of other mobile technologies, today’s workforce has evolved. Workers are used to always being on the go.

For that to be possible, though, they need to be able to access their work data from anywhere. The world has adapted to the point where that “always connected” mentality is necessary. The problem with being able to access your data from anywhere, though, is that other people can find ways to access that data, too—people you don’t want going through customer information, company financial records, and other secure data.

Security provider Blue Coat reports that the average data breach costs an organization $10,000, with some breaches being more commonly reported in the tens of millions. In order to lower the risk of such a breach, it’s wise to put security protocols in place and map the process out on in a step-by-step format via workflow management software for the entire organization to see. Here are a few protocols you should keep in mind when creating this process internally.

Install malware protection software

Mobile malware used to be uncommon, but its popularity is growing. In the past, it was difficult to infect an Apple mobile device with malware, because it required the user either to actively download an infected app from Apple’s store or to jailbreak their phone in order to install their own unauthorized apps. In 2015, however, it was discovered that attacks using XcodeGhost and YiSpecter did not require those same vulnerabilities. To counteract these and similar threats, companies should make sure that any device employees use to access the company’s network or records has malware protection installed.

Update apps as soon as possible

Cybercriminals are working day and night to find and exploit new vulnerabilities, and the people who built the apps they are attacking are working just as hard to fix those vulnerabilities. Get your employees in the habit of keeping all apps on their phones, laptops, and other devices they use to connect remotely in order to remain protected against breaches.

In the same vein, enforce a policy that regulates which apps employees can and cannot download or access using the company network.

Require a PIN/passcode for all mobile devices

Criminals looking for secure data may not even need malware if they can get their hands on an employee’s mobile device. Whether the employee has stored the secure data on their device or regularly uses it to access the company network, it presents a vulnerability. The first step to closing this security gap is a simple one—require all employees to utilize a PIN or passcode in order to unlock the phone. Make sure that it is a secure password and that it locks within five minutes.

When it comes to passcodes, longer is generally better. A four-digit PIN means there are 10,000 possibilities, but professional hackers won’t be deterred. On iOS, your employees can go into settings and turn the “Simple Passcode” setting to Off.

Set up devices for remote wipes

If one of your employees actually does lose their phone, whether it was stolen or misplaced, you don’t want that data to be outside of your control. If all else fails, you need to be able to take that information out of the wild. 

Set up your devices so that, in an emergency, you can access it remotely and wipe all of the data stored on it. Depending on the type of device your employees are using, this might require you to download a special app, or it might come as part of the standard suite. With the remote wipe enabled, a lost device will still be the loss of an asset, but it won’t necessarily become a security breach.

CTO Vision:               BYOD Security Report:
 

« AI Ushers In A Whole New Era Of Hacking
China's Great Wall Into Russian Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Hodgson Russ

Hodgson Russ

Hodgson Russ is a US business law firm. Practice areas include Privacy, Data Breach & Cybersecurity.

EY Advisory

EY Advisory

EY is a multinational professional services firm headquartered in the UK. EY Advisory service areas include Cybersecurity.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

Crosser

Crosser

The Crosser Platform enables real-time processing of streaming or batch data for Industrial IoT, Data Transformation, Analytics, Automation and Integration.

TechBeacon

TechBeacon

TechBeacon.com is a digital hub by and for software engineering, IT and security professionals sharing practical and passionate guidance to real-world challenges.

Attack Research

Attack Research

We go far beyond standard tools and scripted tests. Find out if your network or technology can stand real-world and dedicated attackers.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

Jacobs

Jacobs

Jacobs is at the forefront of the most important security issues today. We are inspired to be the best and deliver innovative, mission-focused outcomes that matter to our clients.

Shorebreak Security

Shorebreak Security

Shorebreak Securioty specialize in conducting highly accurate, safe, and reliable Information Security tests to determine the risks posed to your business.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.