none

EVERY COMPANY NEEDS TO HAVE A MOBILE PHONE AND PORTABLE DEVICE POLICY… AND ENFORCE IT

13-03-2017
by 
in 

Licensed private investigator and forensic consultant Luke Athens offers some tips you should consider to protect yourself if you don't have a policy in place.

As more and more portable electronic devices are introduced into the enterprise environment through BYOD (bring your own device) policies, the greater the risk to the company – and not just from the standpoint of viruses and malware. Intellectual property is now the biggest issue that needs to be addressed.

To identify the risks in your working environment requires a simple probability calculation based on several considerations. Any device that is introduced into the workplace can be considered a BYOD, and this commonly includes: laptops, USB devices, mobile phones, tablets, memory cards and dongles.

So what risks apply when introducing BYODs into the office environment? This article breaks the risks down to two categories: security and intellectual property.

Security

If your company has no electronic device or BYOD policy in place you are effectively opening all the doors and windows to your enterprise and allowing people to enter at any time they wish. Just like a cold or flu, a digital virus can be transmitted from one person to another via simple contact, and in some cases can be transmitted through the air to another victim.

Whenever you bring a device into your workplace or when a BYOD connects remotely with your system, it has the potential to infect other connected devices. This is a major security issue for your business and the privacy of your valued clients.

There are now more mobile electronic devices in the world than computers. And hackers are now concentrating more on penetrating mobile devices than “regular” computers. In part this is due to the recent increase in the quantity of flash memory in mobile devices. Mobile banking has become increasingly popular for small businesses, and the sheer amount of personal data stored on a portable device makes it a more interesting target.

Portable mobile devices are likely to connect with more surrounding environments more frequently, and this has the potential to spread a virus quicker than a single attack on a server or single PC. Just keep in mind when connecting a portable device to your local environment that malware and viruses can be duplex. So if a server or PC is compromised and you connect your handset, the infection can spread to the handset  - and vice versa.

In some cases a user that connects a device to the workplace can override security protocols, leaving the business at risk if the correct policies are not present. Viruses, malware and trojans are becoming more sophisticated, hiding code so that scans and security processes will see a file to be clean even though it’s actually harmful.

Most problems and hacks occur due to poor staff training and knowledge. So it is vital in any organisation to educate employees on the basic issues. Here are some tips:

1. Educate staff via workshop training programmes and policies (prevention is the best cure).

2. Don't jailbreak an IOS (Apple) device; this is a process that removes the integrity and security components of the handset.

3. Don't root (Android) devices as this removes the integrity and security components of the device.

4. Ensure you have a single unified security platform that is able to communicate across all devices. This reduces the risk of external viruses being introduced into the workplace environment.

5. Systems such as remote wipe functions for mobile phones and location services should be enabled. In this way, if a portable device is stolen or misplaced, you can delete the data so it doesn't end up in the wrong hands.

6. Ensure that a complex password policy is enforced along with an auto lock feature.

7. Consider your next mobile. Don't just pick a phone because of its design, think about the security components. One mobile to consider is the Blackphone 2 from Silent Circle.

Intellectual property

Intellectual property (IP) refers to creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names and images used in commerce. It also includes information gathered by your company, such as your client database.

Most companies that contact us about intellectual property theft today are concerned about internal threats: employees who might take a company’s client list with them when they leave. Although, that being said, this is more common in certain industries than others.

Another major issue causing clients to come to us is when they have been hacked. This is where your policy and procedures should have saved you! However, most companies do not enforce or have policies to protect their sensitive intellectual property.

I'm amazed how many companies today do not have even basic policies in place. Most small- to medium-size businesses believe they are doing the right thing by having some basic security software and that should protect them. You should have as a minimum, a backup policy (daily) perhaps an offline back system, passwords and/or encryption. Think about minimising who has access to your client database.

We understand that your staff may need client information to conduct their day-to-day activities; however, there are other alternatives. Logs and transfer details should be stored so that you can identify who, when and how long or how much data was transferred during any employee log in.

If staff are aware that everything is logged and recorded we dramatically reduce the risk of intellectual property theft from within.

If you need advice, systems, policies or staff training feel free to contact Luke Athens.

International Intelligence Agency
1300 738 400
www.spy4u.com.au

Related news & editorials

  1. 20.07.2018
    20.07.2018
    by      In
    A synergy is developing between the digital world of the Internet of Things (IoT) and the physical world of industrial manufacturing. This synergy between physical and digital has stimulated factories and production to start their evolutionary journey towards a future characterised by the... Read More
  2. 17.07.2018
    17.07.2018
    by      In
    Has productivity diminished drastically in your warehouse? Are operations becoming more complex on a day-to-day basis? Are routine tasks seeming more challenging and overwhelming despite once being simple and easy? Are workers struggling to get assignments done in prescribed time frames?
    These are... Read More
  3. 02.07.2018
    02.07.2018
    by      In
    The consumerisation of IT/ERP has generated opportunities for businesses to create more productive and satisfying working environments, where staff are empowered to do their jobs better, without having to work harder. By ensuring that their ERP systems offer an engaging and rewarding experience,... Read More
  4. 25.06.2018
    25.06.2018
    by      In
    Over the recent years, advancements in technology have allowed a massive growth of efficiency and sustainability in odour control systems. With traditional methods typically involving chemical dosing systems to treat and manage odour control, recent environmental breakthroughs focused on... Read More