Keep Your Mobile Data Locked Down
Mobile computing continues to empower today’s on-the-go workforce in a wide range of environments. As with any connective technology, however, a number of security challenges must be addressed as part of the implementation process.
On the surface, protecting mobile devices may seem daunting, but with a little training and preparation, IT departments can help users avoid numerous common pitfalls. Here are five tips for better mobile security.
1. Teach your employees not to trust public hot spots.
Most public Wi-Fi hot spots are unsecured, and users need to be aware that “unsecured” means exactly that: Data traveling to and from the access point isn’t encrypted and can be easily intercepted as clear text by anyone nearby. Train your personnel to use these access points as sparingly as possible and to disconnect from them as soon as practical.
Also, while it might be quicker for your employees to access corporate e-mail through your company’s web mail portal, train them to use a virtual private network instead because VPNs typically employ stronger encryption.
2. Provide users with secure removable storage.
Whether to perform a routine backup or just move a presentation onto a projector-enabled machine, chances are good that users will need removable storage at some point. Instead of leaving them on their own when the situation arises, invest in a secure removable storage device with each new notebook. Encrypted thumb drives start at less than $50 and can provide invaluable security for sensitive data, giving your organization added peace of mind in the event of data loss or theft.
3. Implement strong password policies and disable automatic login for users.
By default, Windows domain servers have reasonably strong password policies. Unfortunately, it’s still common practice in many IT departments to use standard passwords — or worse yet, allow automatic or scripted logins to some system resources.
Resist the temptation to leave your network assets vulnerable in the interest of convenience. Use random passwords for all of your company’s network accounts and enforce mandatory password changes at least every 90 days. If your environment is one in which several technicians need to touch a user’s machine before deployment, consider documenting these random passwords in a database that only your department can access.
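The following Python is an added example, not part of the original article. It generates random passwords and checks a department password inventory against the rules above: no shared "standard" passwords, changes at least every 90 days, and no automatic login. The record fields, account names and sample values are hypothetical and constructed for illustration.

```python
import secrets
import string
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # rotation interval stated in the article
SYMBOLS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def generate_password(length=20):
    """Random password from the OS CSPRNG with at least one character of each class."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def audit(records, today):
    """Return {account: [findings]} for stale, shared, or auto-login accounts."""
    by_password = defaultdict(list)
    for r in records:
        by_password[r["password"]].append(r["account"])
    findings = defaultdict(list)
    for r in records:
        age = (today - r["last_changed"]).days
        if age > MAX_AGE_DAYS:
            findings[r["account"]].append(f"password is {age} days old")
        if len(by_password[r["password"]]) > 1:
            findings[r["account"]].append("password shared with another account")
        if r["auto_login"]:
            findings[r["account"]].append("automatic login enabled")
    return dict(findings)

# Constructed sample inventory (hypothetical accounts and values).
SAMPLE = [
    {"account": "nb-0412", "password": "Welcome1",
     "last_changed": date(2024, 1, 10), "auto_login": False},
    {"account": "nb-0413", "password": "Welcome1",
     "last_changed": date(2024, 5, 2), "auto_login": True},
    {"account": "nb-0414", "password": generate_password(),
     "last_changed": date(2024, 5, 20), "auto_login": False},
]

if __name__ == "__main__":
    for account, issues in audit(SAMPLE, today=date(2024, 6, 1)).items():
        print(account, "->", "; ".join(issues))
```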
4. Teach users to disable unused Wi-Fi and Bluetooth connections.
Like any communications interface, unused Bluetooth and Wi-Fi connections offer zero benefit and infinite liability when left enabled. Train users to disable these on notebooks, smartphones and other mobile devices. Sometimes this can be as simple as flipping a switch or using a keyboard shortcut. Not only will this render the device invisible to others, but it will also extend battery life. Additionally, disabling Wi-Fi can be beneficial from a technical standpoint because it simplifies adapter switching and can prevent connectivity issues when using certain network chipsets.
5. Foster a culture of diligence with mobile devices.
Eventually, every IT department is asked to replace a lost device — a stolen notebook or a BlackBerry that was left behind in a taxicab, for example.
While no amount of training can prevent all human error, make the most of your new-user training sessions to plant seeds of attentiveness. Give your users a list of mobile do’s (do store your notebook in the trunk, not the back seat) and don’ts (don’t leave your notebook unattended in the coffee shop while you use the bathroom). Also, teach users to employ best practices that limit access to sensitive data. Encourage them to compulsively lock their phones and to log out or lock their notebooks when they walk away — even if only for a second. This nominal level of caution is often enough to protect sensitive data from potential threats.