Today’s successful businesses run at the speed of light, requiring employees and corporate assets to be available and accessible 24×7. Enterprises must find ways to allow rapid, flexible access while protecting themselves from serious risk. When employees travel with corporate data on laptops and other mobile devices, it becomes increasingly difficult to manage and control such data, or even know if it’s being protected, thereby creating a “mobile blind spot” that has the potential to wreak havoc on your corporate communications network.
Identifying key mobile blind spots and taking steps to protect data in transit is critical to protecting your business. This slideshow outlines five real-world tactics identified by Qwest that you can use to enhance mobile security in your organization. These tactics will help provide your workforce with the flexibility it needs to be productive anywhere, anytime, while protecting valuable corporate assets and the enterprise network against imminent security breaches and risk in an expanding mobile world.
No insight equals no awareness. If you’re not aware of what’s going on in your network, your data could be at risk. An IT operations tool that can provide visibility into all corporate assets, including laptops, USB drives, phones and other portable devices, is essential to preventing breaches. Such a tool provides a single pane of glass through which IT staff can monitor all mobile devices carrying corporate data and helps enforce policies based on visibility; in other words, if the IT department can’t track activity on a device, access over the corporate network will be denied.
Monitoring services help reduce risk by enforcing device compliance with corporate security policies, and by identifying devices that are out of compliance. They determine whether or not devices are running the right versions of the right software with the appropriate access rights. The service should also provide reporting on failed compliance and be able to take actions to remediate the issue.
A second tactic for improving mobile security is to protect and update business endpoints — that is, mobile computers and any other device used to access corporate data. This is critical, even when the endpoint is not connected to the LAN. Users can connect to the Internet and unintentionally download viruses and worms that can infect the machine, which can in turn transfer the virus or worm to the corporate network once connected. Protection from startup to shutdown, anywhere the device is used, is necessary. All devices should have all the security controls in place, including encryption solutions and passwords, to be in compliance, both on and off the network.
In the cloud, a hosted platform can provide monitoring to enforce policies and remediate out-of-date software on all non-compliant endpoints, or block non-compliant endpoints from connecting to the corporate network. These hosted services can speak to remote devices, gather compliance information and report back to the corporate network, displaying the results on the administrator’s dashboard. This capability helps narrow the mobile blind spot significantly.
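The admission decision described in these first two tactics, sketched as an added example (not code from Qwest or from any product): a device with no recent compliance report is denied, missing encryption or password blocks access, and out-of-date software is held for remediation. The policy thresholds, field names and device records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

POLICY = {  # hypothetical thresholds: the article names the checks, not the values
    "max_report_age": timedelta(hours=24),
    "min_versions": {"av_engine": (4, 2, 0), "os_patch": (10, 3, 1)},
    "required": {"disk_encrypted": "disk encryption off",
                 "password_set": "no device password"},
}

def parse_version(text):
    """'4.10.0' -> (4, 10, 0), so 4.10 sorts above 4.2 (string compare would not)."""
    return tuple(int(part) for part in text.split("."))

def evaluate(device, now, policy=POLICY):
    """Return (decision, findings) for one device inventory record."""
    last_report = device.get("last_report")
    # No telemetry, or stale telemetry, is the blind spot: deny network access.
    if last_report is None or now - last_report > policy["max_report_age"]:
        return "deny", ["no recent compliance report"]
    blocking = [msg for key, msg in policy["required"].items() if not device.get(key)]
    outdated = []
    for name, minimum in policy["min_versions"].items():
        installed = device.get("software", {}).get(name)
        if installed is None or parse_version(installed) < minimum:
            outdated.append(f"{name} older than {'.'.join(map(str, minimum))}")
    if blocking:
        return "deny", blocking + outdated
    if outdated:
        return "remediate", outdated  # fixable: hold the device until it is patched
    return "allow", []

def compliance_report(devices, now):  # id -> (decision, findings), e.g. for a dashboard
    return {d["id"]: evaluate(d, now) for d in devices}

NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
OK = {"disk_encrypted": True, "password_set": True}
DEVICES = [  # constructed sample inventory, not real data
    {"id": "laptop-01", "last_report": NOW - timedelta(hours=2), **OK,
     "software": {"av_engine": "4.10.0", "os_patch": "10.3.1"}},
    {"id": "laptop-02", "last_report": NOW - timedelta(hours=1), **OK,
     "software": {"av_engine": "4.1.9", "os_patch": "10.3.1"}},
    {"id": "laptop-03", "last_report": NOW - timedelta(hours=3), **OK,
     "disk_encrypted": False, "software": {"av_engine": "4.2.0", "os_patch": "10.3.1"}},
    {"id": "phone-07", "last_report": NOW - timedelta(days=9), **OK, "software": {}},
]

if __name__ == "__main__":
    for dev_id, (decision, findings) in compliance_report(DEVICES, NOW).items():
        print(f"{dev_id}: {decision} {findings}")
```

Note that phone-07 is denied on report age alone, before any other check runs: a device that has gone silent cannot be assumed compliant.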
With so many mobile workers, businesses cannot ignore the potential for loss or theft of corporate assets. What happens when an employee stops somewhere on the way home, leaves his computer in his car, and someone breaks into the car and steals it? Now, any sensitive data on the machine is vulnerable and in the hands of unauthorized people.
Data protection is particularly important to a company’s reputation. You want to make sure your customers know they can trust you will keep their information secure.
Encryption technologies are the most common way to protect data at rest. Companies should employ hard drive encryption solutions that make all data invisible to thieves. Data leak prevention for data in motion prevents the leakage of sensitive data by inspecting the content of files based on set policies and taking appropriate action.
Most companies allow teleworking for a number of reasons. Teleworking supports green initiatives and offers employees the flexibility to work anywhere and thus be more productive. But is there a better solution for enabling remote working than buying, distributing and managing large laptop inventories?
One way to minimize hardware costs is to leverage home computers that most workers already have. Companies can provide access to corporate resources via USB drives and mobile keys, for example. Remote workers can sign on remotely by entering credentials using any personal computer, and have a desktop view of their work PCs at home. With single sign-on, employees gain remote access to corporate resources, without having to physically take a laptop out of the office. This eliminates the risk of losing data through device theft or loss. Policies can be layered onto this model to prevent copying and pasting information from work desktops to personal devices, as well.
Although teleworking can increase productivity by extending office resources to anywhere employees are, it’s important to ensure that employees are indeed working when they are not in the office. In a down economy, acquisition decisions weigh productivity statistics heavily. Despite the demand for mobility in the workforce, unsupervised employees can be easily distracted by personal business, such as e-mail, Web surfing and instant messaging.
To prevent lost productivity that can result from an increasingly mobile workforce, put policies in place and then enforce them through specified controls:
- Establish a percentage of personal to business activities that remote workers should strive to achieve — 75 percent may be a good goal.
- Standardize on a single platform and limit ability for use of that platform outside company boundaries. For example, you can place a gateway in the network to archive all conversations between employees.
- Notify employees that IM conversations are monitored and that logs are stored for managerial review.
- Require manager approval for external messaging access.
- Use software controls to restrict employees to using a company-wide platform only, and turn on the monitoring function.
- Collect usage stats and generate reports to support disciplinary action.
Keep in mind that even if you tell your employees you’re monitoring their usage, the reality is no one has time to actually go through all the logs. Send an e-mail to every manager with a link to a log file of instant messages for each of their reports. Suggest that managers review those links once a year.