As we all transition back to work, many offices are now operating a hybrid working environment where teams work partly in the office and partly at home. The pandemic has shown us that with the right equipment we can work from anywhere, but how do you stay secure and protect sensitive business data? If your devices are being used in different locations, the risks of breach, loss, theft and damage multiply.
The 2021 Government Cyber Security Breaches Survey states:
‘Among the 39 per cent of businesses and 26 per cent of charities that identify breaches or attacks, one in five (21% and 18% respectively) end up losing money, data or other assets. One-third of businesses (35%) and four in ten charities (40%) report being negatively impacted regardless, for example because they require new post-breach measures, have staff time diverted or suffer wider business disruption.’
Here are our best practices for ensuring your data stays safe and that, should the worst happen, it becomes inaccessible but your business can continue to operate.
Passwords
These are your first line of defence, so password-protect all of your business devices and systems that hold sensitive information. In the case of handsets and tablets, use facial or fingerprint recognition initially, with a passcode backup. Always change admin passwords on new devices too.
Where possible, push regular password changes on hardware, software and apps so employees get into the habit of regularly changing them. You can often also make a strong password mandatory, so that it must contain upper- and lower-case letters and special characters, or be of a certain length.
Mobile Device Management (MDM)
You can deploy this on all employee devices, enabling them to be controlled via a single platform. There are some great options out there on the market, and you can use them to ringfence apps, enforce policies, and remotely wipe and disable devices.
MDM platforms also allow you to pre-select websites and apps that the device holder can use, as well as configure WiFi and VPN settings and restrict things like data roaming. Different providers offer a host of other features too, such as device location tracking and access based on departmental hierarchy.
Encryption
Using full-disk encryption for your devices means that you’ll have an exterior guard around the hardware of each device. Comparable to locking the exterior doors in your house, it protects the contents from any unwanted intruders. So if a device gets lost, stolen or hacked, it’s impossible to get to sensitive data without the password.
It’s worth mentioning here that you must keep encryption passwords or keys in a secure location; they need to be completely separate from your stored backups.
Patch operating systems & software
If you don’t undertake regular patching of the software on your devices and an employee installs a new app, this could become a gateway for malware. If devices aren’t kept up to date and regularly fixed, the opportunity for a breach increases.
When you buy a new business device or install any new software, check for updates straight away. Also bear in mind that if you are running an unsupported product, software vendors are not required to provide updates. This is especially prevalent with Microsoft, so make sure, as part of your business continuity plan, that any outdated systems are upgraded or decommissioned when support expires.
Firewalls for software and hardware
By ensuring firewalls are installed, you’ll help to fend off malware and hackers. You can also stop unsecured or inappropriate web browsing by employees. For a robust base, install your firewalls on every networked device in your estate.
A VPN can really help here too, as can an intrusion detection system, for added layers of security.
Web & email filtering
Malware can easily end up coming in from clicking a spurious link or visiting a website that may be masquerading as a legitimate one. It’s very easy to get caught out nowadays, as hackers are honing their skills to trap even the most savvy of users.
Web and email filtering will help to prevent inbox spam and email hacking, as well as blocking any websites that are deemed insecure. There are blacklist services you can download too that will give you a list of untrustworthy sites to block.
Employee education is important here, as employees will be at the forefront of any breach that comes in via these means. Hold regular training sessions and circulate screenshots of emails doing the rounds that they should be aware of.
Decommissioning devices
If data from your company gets into the wrong hands it could be disastrous. All devices must be wiped correctly before you move them on to another employee, donate them or dispose of them.
Ensure you have a robust policy here where nothing is able to slip through the net. You could consider using an ISO standard company or charity to do this for you, but as a best practice, you’ll need the process to be written up into your business continuity plan.
As always, Cloud Heroes are here to help and advise on all aspects of business continuity. Simply call us or drop us an email to speak with our friendly team.