Critical Cybersecurity Protocols To Implement

Uploaded on 2016-12-09 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

Employees in the office or out and about are commonly using mobile devices, yours and theirs.  Your network is vulnerable wherever they are. 

It used to be that workers would come into the office, sit at their desk, work for eight hours (with a break for lunch in there somewhere), and then go home. Now, however, work is moving out of the office and into, well… everywhere else. With teleconferencing, smartphones, cloud computing, and a long line of other mobile technologies, today’s workforce has evolved. Workers are used to always being on the go.

For that to be possible, though, they need to be able to access their work data from anywhere. The world has adapted to the point where that “always connected” mentality is necessary. The problem with being able to access your data from anywhere, though, is that other people can find ways to access that data, too—people you don’t want going through customer information, company financial records, and other secure data.

Security provider Blue Coat reports that the average data breach costs an organization $10,000, with some breaches being more commonly reported in the tens of millions. In order to lower the risk of such a breach, it’s wise to put security protocols in place and map the process out on in a step-by-step format via workflow management software for the entire organization to see. Here are a few protocols you should keep in mind when creating this process internally.

Install malware protection software

Mobile malware used to be uncommon, but its popularity is growing. In the past, it was difficult to infect an Apple mobile device with malware, because it required the user either to actively download an infected app from Apple’s store or to jailbreak their phone in order to install their own unauthorized apps. In 2015, however, it was discovered that attacks using XcodeGhost and YiSpecter did not require those same vulnerabilities. To counteract these and similar threats, companies should make sure that any device employees use to access the company’s network or records has malware protection installed.

Update apps as soon as possible

Cybercriminals are working day and night to find and exploit new vulnerabilities, and the people who built the apps they are attacking are working just as hard to fix those vulnerabilities. Get your employees in the habit of keeping all apps on their phones, laptops, and other devices they use to connect remotely in order to remain protected against breaches.

In the same vein, enforce a policy that regulates which apps employees can and cannot download or access using the company network.

Require a PIN/passcode for all mobile devices

Criminals looking for secure data may not even need malware if they can get their hands on an employee’s mobile device. Whether the employee has stored the secure data on their device or regularly uses it to access the company network, it presents a vulnerability. The first step to closing this security gap is a simple one—require all employees to utilize a PIN or passcode in order to unlock the phone. Make sure that it is a secure password and that it locks within five minutes.

When it comes to passcodes, longer is generally better. A four-digit PIN means there are 10,000 possibilities, but professional hackers won’t be deterred. On iOS, your employees can go into settings and turn the “Simple Passcode” setting to Off.

Set up devices for remote wipes

If one of your employees actually does lose their phone, whether it was stolen or misplaced, you don’t want that data to be outside of your control. If all else fails, you need to be able to take that information out of the wild. 

Set up your devices so that, in an emergency, you can access it remotely and wipe all of the data stored on it. Depending on the type of device your employees are using, this might require you to download a special app, or it might come as part of the standard suite. With the remote wipe enabled, a lost device will still be the loss of an asset, but it won’t necessarily become a security breach.

CTO Vision:               BYOD Security Report:
 

« AI Ushers In A Whole New Era Of Hacking
China's Great Wall Into Russian Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

EclecticIQ

EclecticIQ

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

CyberScout

CyberScout

Cyberscout delivers the latest cybersecurity education, protection and resolutions services. We also provide swift incident response services around the world.

DCIT

DCIT

DCIT is a specialist in providing comprehensive consulting and auditing services in the field of information technology, PROVYS development software and security system AuditSquare.

Myra Security

Myra Security

Myra technology monitors, analyzes, and filters malicious internet traffic before virtual attacks can do any real harm.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

Singular Security

Singular Security

Singular Security help public and private organizations minimize cybersecurity risk and pass their IT compliance audit.

Bigbee Technology

Bigbee Technology

Bigbee Technology are an IT solutions company based in Dar es Salaam founded by a group of professionals from around the globe.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

e5 Lab

e5 Lab

e5 Lab seeks to develop solutions to challenges faced by the shipping industry including digital transformation, autonomous technologies and big data in order to promote safe and efficient operations.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.