This article was originally published on the FRONTEO blog. It's a good collection of practical tips for keeping company data secure, so we wanted to share it here, as well.
Today’s highly mobile workforce requires easy access to data while traveling and working remotely. Providing that ease of access and supporting productivity while keeping data secure presents a balancing act for IT.
Employees unfortunately don’t always understand the myriad security threats and what form they take. They use unapproved apps and devices, access unsecure Wi-Fi networks while on the road, and ignore security updates on mobile technology, because they are in a rush, are too trusting, or just don’t understand the security warnings. In this mobile work environment, personal and work devices and data are inextricably blended. Many employees use personal devices to access sensitive corporate data, and prefer (or expect) their employer to handle security on their personal devices.
So how best to keep important company data secure from loss or theft? Following are 11 steps IT can take to keep data secure and to increase the barriers to access to prevent or minimize the impact of hackers, viruses or the theft or loss of a device:
- Enforce an effective password policy: Users’ passwords should have at least 8 -10 characters and a mixture of letters and numbers. Encourage users not to reuse the same passwords on multiple sites or applications. Sharing of passwords should be strictly forbidden. Passwords should be changed regularly—at least every 90 days.
- Restrict email attachments: Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Ensure that mail servers are adequately protected by security software and that email is thoroughly scanned.
- Save data to offline storage: Traveling employees can work effectively with a laptop or mobile device that stores virtually no data. The files they need can be accessed in the cloud, on USB or external hard drives. This is a particularly useful measure when traveling to countries where customs agents may review or copy content from a laptop hard drive.
- Use 2-Factor Authentication: Two-factor authentication (“2FA”) access requires a password plus another unique item, such as a physical token. Two-factor authentication provides an additional layer of security, making it harder for attackers to gain access to a person’s devices and online accounts, because the victim’s password alone is not enough to gain access.
- Employ block-level encryption on laptops: A block cipher is a method of encrypting text in which a cryptographic key and algorithm are applied to a block of data at once, through the use of a hardware or software encryption tool. In the event of theft of the laptop, the thief would be unable to open encrypted data files without a key.
- Remote Wipe Services on mobile devices: In the event of loss or theft of a company owned or personal mobile phone, a person with administrator rights can remotely wipe data from the device, including email, calendar, contacts, photos, music, and a user’s personal files. With some devices, a setting can be employed that will wipe data automatically after several failed access attempts.
- Identify security levels and apply appropriate security measures: Understand the sensitivity of various types of data and classify it. For example, payroll and HR data is highly sensitive, and should not be saved to mobile devices. Other data, for example sales collateral or content shared on the web, may be designated as ‘public’, and will have a lower level of security. When security levels are defined and enforced, educate users in the organization about following secure data practices.
- Keep all asset records on computers and devices: Asset records include a serial number, model, department name or number, and other identifying details. Tag every device with a barcode label or tag using GPS or RFID, which broadcast their location. A locator device can help with recovery in the event of loss or theft.
- Use active monitoring and configuration management: Maintain a current inventory of devices (servers, workstations, laptops, and remote devices) connected to the network.
- Implement biometrics access: Increasingly, organizations working in highly sensitive information are using biometrics to control access. Server farms, advanced laboratories, and clean rooms use a fingerprint, retina, or face scan to identify and allow access only to approved individuals.
- Proactively manage updates and patches: Update, patch, and migrate users from outdated and insecure browsers, applications, and browser plug-ins. This is important not just for computers, but mobile and IoT devices, as well. Keep virus and intrusion prevention tools at the latest available versions.
These are just a few of the steps IT can take to increase data security and protect users and the organization from outside threats. Because threats change every day, it’s important to ensure that you have infection and incident response procedures in place. Keep your security vendor contact information handy, know who you will call, and what steps you will take if you discover a breach, loss, or virus infection. And above all, put consistent effort into educating and communicating with employees and users, who are the first line of defense against data theft and destruction.
