Essential guide to mobile security
Security threats have increased significantly since the boom in mobile working.
Make sure you are fully protected by following our essential guide to mobile security.
By implementing centralized policies and control, you can achieve a healthy balance
between supporting employees’ productivity and preventing data breaches.
1. Audit your devices
Poor asset management in many organizations means that companies often don't
have a clear idea of which mobile devices they own. By keeping track of the mobile
devices in use, you can reconcile the equipment in your database with what employees
still have in their possession. In addition, you will need to have technology in
place to block unauthorized devices from using the network. All these tasks should
be centralized and automated with software tools.
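A minimal sketch of the reconciliation described in this step, as an added example that is not part of the original guide. It compares an asset database with devices seen on the network; the field names, the MAC-address key, the 30-day staleness threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample data: asset database keyed by MAC address (assumed identifier).
INVENTORY = {
    "aa:bb:cc:00:00:01": {"owner": "alice", "status": "assigned"},
    "aa:bb:cc:00:00:02": {"owner": "bob", "status": "assigned"},
    "aa:bb:cc:00:00:03": {"owner": "carol", "status": "retired"},
}

# Constructed sample data: (MAC, last date seen) as a DHCP or NAC log might report.
SIGHTINGS = [
    ("AA-BB-CC-00-00-01", date(2024, 5, 28)),
    ("aa:bb:cc:00:00:03", date(2024, 5, 30)),
    ("aa:bb:cc:00:00:99", date(2024, 5, 30)),
    ("aa:bb:cc:00:00:01", date(2024, 5, 30)),
]

def normalize_mac(mac):
    """Lower-case and use ':' separators so log and inventory formats compare equal."""
    return mac.strip().lower().replace("-", ":")

def reconcile(inventory, sightings, today, stale_days=30):
    """Return MAC lists: unauthorized (block), retired_in_use (recover), missing (chase up)."""
    last_seen = {}
    for mac, seen in sightings:
        mac = normalize_mac(mac)
        last_seen[mac] = max(seen, last_seen.get(mac, seen))
    known = {normalize_mac(m): rec for m, rec in inventory.items()}
    cutoff = today - timedelta(days=stale_days)
    report = {"unauthorized": [], "retired_in_use": [], "missing": []}
    for mac in sorted(last_seen):
        if mac not in known:
            report["unauthorized"].append(mac)      # on the network, not in the database
        elif known[mac]["status"] != "assigned":
            report["retired_in_use"].append(mac)    # written off but still connecting
    for mac, rec in sorted(known.items()):
        if rec["status"] == "assigned" and last_seen.get(mac, date.min) < cutoff:
            report["missing"].append(mac)           # assigned but not seen recently
    return report

if __name__ == "__main__":
    for category, macs in reconcile(INVENTORY, SIGHTINGS, date(2024, 5, 31)).items():
        print(category, macs)
```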
2. Stop the mobile transfer of inappropriate data
Why allow your customer list to leave the office on someone's laptop when they
have no reason to take it? Data loss prevention technology can stop inappropriate
information from being copied across the network or to removable devices like
USB sticks. Use the concept of least privilege, allowing users access only to
the files that they need for their jobs. You will also need the flexibility to
apply a different set of rules for senior executives.
3. Protect your devices
It is vital to have technology in place for remote wipe/kill of lost and stolen
devices, but while this is a useful defensive measure, alone it is not enough.
It only works after the device connects to the Internet and receives notification
that it has been stolen, which gives the criminal a window of opportunity to steal
data from the device. You should strongly consider complementing such technology
with hardware encryption to scramble data on the drive. For added defense, consider
issuing employees with a two-factor authentication device such as a smart card
that must be used to encrypt the system. Do this and you reduce the risk of compromised
passwords or PINs. This protection will need to be centrally managed and apply
to all devices.
4. Use network access control
Mobile devices used outside of the corporate network are outside your control,
which means that they may become infected with malware. Network access control
is becoming a common way of solving this problem, and it can be carried out at
the device or network level. For example, it can stop users from roaming on unsecured
networks, picking up malware and then importing it onto the company LAN. Devices
found not to comply with the security policy can be denied access until
they are fixed.
5. Over-the-air patch management
An extension of this service involves patching systems over the air. Whenever
devices are connected to the network, they should look for updates, particularly
if out of the office for extended periods. Again, this process needs to be automated
to ensure security.
6. Encrypt your connection
To connect securely back to the office, your mobile devices will need a virtual
private network (VPN). A VPN is especially important in a public WiFi setting,
where network packets will be 'sniffable' over the air. Secure sockets layer (SSL)
VPNs are becoming increasingly common for use with smart phones and laptop computers.
They protect individual applications rather than the whole network, and use web
browsers’ inbuilt SSL security.
7. Train staff
Training is a vital part of security, and users will need to be reminded of the
risks that they face when out of the office. Training also needs to be tailored
to each specific user type so that all employees know what they have to do and
what their responsibilities are.