none

EVERY COMPANY NEEDS TO HAVE A MOBILE PHONE AND PORTABLE DEVICE POLICY… AND ENFORCE IT

13-03-2017
by 
in 

Licensed private investigator and forensic consultant Luke Athens offers some tips you should consider to protect yourself if you don't have a policy in place.

As more and more portable electronic devices are introduced into the enterprise environment through BYOD (bring your own device) policies, the greater the risk to the company – and not just from the standpoint of viruses and malware. Intellectual property is now the biggest issue that needs to be addressed.

To identify the risks in your working environment requires a simple probability calculation based on several considerations. Any device that is introduced into the workplace can be considered a BYOD, and this commonly includes: laptops, USB devices, mobile phones, tablets, memory cards and dongles.

So what risks apply when introducing BYODs into the office environment? This article breaks the risks down to two categories: security and intellectual property.

Security

If your company has no electronic device or BYOD policy in place you are effectively opening all the doors and windows to your enterprise and allowing people to enter at any time they wish. Just like a cold or flu, a digital virus can be transmitted from one person to another via simple contact, and in some cases can be transmitted through the air to another victim.

Whenever you bring a device into your workplace or when a BYOD connects remotely with your system, it has the potential to infect other connected devices. This is a major security issue for your business and the privacy of your valued clients.

There are now more mobile electronic devices in the world than computers. And hackers are now concentrating more on penetrating mobile devices than “regular” computers. In part this is due to the recent increase in the quantity of flash memory in mobile devices. Mobile banking has become increasingly popular for small businesses, and the sheer amount of personal data stored on a portable device makes it a more interesting target.

Portable mobile devices are likely to connect with more surrounding environments more frequently, and this has the potential to spread a virus quicker than a single attack on a server or single PC. Just keep in mind when connecting a portable device to your local environment that malware and viruses can be duplex. So if a server or PC is compromised and you connect your handset, the infection can spread to the handset  - and vice versa.

In some cases a user that connects a device to the workplace can override security protocols, leaving the business at risk if the correct policies are not present. Viruses, malware and trojans are becoming more sophisticated, hiding code so that scans and security processes will see a file to be clean even though it’s actually harmful.

Most problems and hacks occur due to poor staff training and knowledge. So it is vital in any organisation to educate employees on the basic issues. Here are some tips:

1. Educate staff via workshop training programmes and policies (prevention is the best cure).

2. Don't jailbreak an IOS (Apple) device; this is a process that removes the integrity and security components of the handset.

3. Don't root (Android) devices as this removes the integrity and security components of the device.

4. Ensure you have a single unified security platform that is able to communicate across all devices. This reduces the risk of external viruses being introduced into the workplace environment.

5. Systems such as remote wipe functions for mobile phones and location services should be enabled. In this way, if a portable device is stolen or misplaced, you can delete the data so it doesn't end up in the wrong hands.

6. Ensure that a complex password policy is enforced along with an auto lock feature.

7. Consider your next mobile. Don't just pick a phone because of its design, think about the security components. One mobile to consider is the Blackphone 2 from Silent Circle.

Intellectual property

Intellectual property (IP) refers to creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names and images used in commerce. It also includes information gathered by your company, such as your client database.

Most companies that contact us about intellectual property theft today are concerned about internal threats: employees who might take a company’s client list with them when they leave. Although, that being said, this is more common in certain industries than others.

Another major issue causing clients to come to us is when they have been hacked. This is where your policy and procedures should have saved you! However, most companies do not enforce or have policies to protect their sensitive intellectual property.

I'm amazed how many companies today do not have even basic policies in place. Most small- to medium-size businesses believe they are doing the right thing by having some basic security software and that should protect them. You should have as a minimum, a backup policy (daily) perhaps an offline back system, passwords and/or encryption. Think about minimising who has access to your client database.

We understand that your staff may need client information to conduct their day-to-day activities; however, there are other alternatives. Logs and transfer details should be stored so that you can identify who, when and how long or how much data was transferred during any employee log in.

If staff are aware that everything is logged and recorded we dramatically reduce the risk of intellectual property theft from within.

If you need advice, systems, policies or staff training feel free to contact Luke Athens.

International Intelligence Agency
1300 738 400
www.spy4u.com.au

Related news & editorials

  1. 11.09.2020
    11.09.2020
    by      In , In
    As we entered 2020, nothing could have prepared Australians that we were set to face economic turmoil not seen since the Great Depression, borne out of a global virus.
    While we don’t know the precise effects of this virus nor in turn the economic consequences, what we do know is that we are... Read More
  2. 10.09.2020
    10.09.2020
    by      In
    This article isn’t all about how to ensure your investment in automation is the best value for money today, but rather about ensuring your investment in technology is flexible enough to create viable options for your business well into the future.
    This will save costs for your company many times... Read More
  3. 09.09.2020
    09.09.2020
    by      In , In
    Manufacturing will be crucial to Australia’s recovery from the COVID-19 pandemic.
    That has been acknowledged in the Morrison Government’s interventions to ensure that there is a stockpile of personal protective equipment for healthcare workers and ventilators for ICUs.
    But the Government also needs... Read More
  4. 09.09.2020
    09.09.2020
    by      In , In
    There isn’t a single industry that remains unaffected by COVID-19. During the period in which all Australian non-essential retail stores were closed, and much of the population was required to stay at home to slow the spread of the virus, there was naturally a surge in online purchases and home... Read More