Get smart with cyber security when working on the road
Simon Cohen, Head of IT Consulting at Moore Stephens (WA), discusses practical tips to avoid becoming a cyber victim when working out of the office. Many more devices are being lost or stolen and cyber criminals are increasingly focussing on easy targets such as unsecured networks, he writes.
You are on your way to an important client meeting, but you are a little early, so you decided to stop at a coffee shop you know for a last-minute review of your presentation and to check a few emails. You chose the coffee shop because (apart from the good coffee) it has free WIFI.
You arrive, open your laptop, login, review your work and save it to your USB stick; you then briefly check your work emails on your personal phone, finish your coffee and head for your meeting.
You hand over your USB stick. Your presentation is on the screen and you are ready to go!
Later that evening you plug in your USB stick to your private laptop, log in to your company network and copy your updated file to your network drive or document filing system.
Sound familiar?
For many, this is a typical example of how a busy, mobile professional operates. Perhaps change the coffee shop for an airport or substitute a hotel instead of the client’s office. Either way, advancements in mobile technology enable us to work on the move and in different places which provide significant business advantages.
However, this also presents new and different challenges around device, data and network security. Many more devices are being lost or stolen and cyber criminals are increasingly focussing on easy targets such as unsecured networks:
-
- For example, PerthNow recently reported that, “the State Government recently released figures stating between July 1st 2016 and June 30th 2018, 1171 devices were reported as lost or stolen – including dozens from WA Police. The value of these devices was estimated at $867,933.”
- And according to the iPass 2018 Mobile Security Report: 81% of respondents had seen Wi-Fi related security incidents with cafes, airports and hotels being cited as the most vulnerable locations. In addition, 67% of CIOs surveyed have already banned the use of Free Wi-Fi hotspots. However, this can also have a negative business impact
- Additionally, McAfee’s Mobile Threat Report Q1, 2018 states that “16 million users were hit with mobile malware in Q3, 2017 – nearly doubling the previous year’s total.” The report also states that “it took 20 years to reach 2million malware samples on the PC whereas it’s only taken 2 years to reach the same level on mobile devices.”
Furthermore, the use of USB sticks for transferring documents also creates security concerns for IT teams constantly playing defence – as these ‘assets’ are generally not tracked, or security checked, before being plugged back in to host corporate networks.
It is therefore clear that the increasing desire and need of professionals to work remotely and on-the-move creates many business benefits; but the introduction of more-and-more mobile devices (endpoints), used without due care and attention have created a prime target for cyber criminals and a mounting headache of additional security concerns for organisations and their IT teams.
So, the question becomes how do we balance remote and mobile working with protecting your devices, data and corporate networks?
Here are 6 tips to help maintain your operational security whilst on the move:
1. Sit in a secluded area and ideally avoid areas where people can walk sit behind you. Keep your belongings neatly together and in full view – you are not in your home or office. Avoid working on sensitive, confidential information but if that’s unavoidable invest in a privacy screen protector. Lastly, be wary of others leaving their belongings near your possessions – they might be looking to pick up more than they put down.
2. Avoid using free, public Wi-Fi. However, if, for some reason, it is essential to use a Free Wi-Fi hotspot then ensure you use a Virtual Private Network (VPN): A VPN is an extended private network enabling secure direct connections between two devices across a public network.
3. Also use a VPN prior to connect to your corporate network from your home. Even if you have changed the default password on your home router, your personal laptop or network is unlikely to be as well guarded as your corporate infrastructure so it’s advisable to avoid transmitting any lurking viruses or malware to your corporate network.
4. Talk to your IT team about ‘Endpoint’ protection for your remote mobile devices. Endpoint protection is software that’s loaded onto each remote network device and is configured to prevent threats as they occur; but it will also enable your device to be remotely locked or wiped should it become lost, stolen or compromised.
However, if you use your personal devices for work then you should consult your Bring Your Own Device(BYOD) policy and discuss the implications of ‘EndPoint’ Protection with your IT team.
5. Similarly, you can also install device encryption software on laptops making it more difficult for thieves to access your data. Bitlocker is free with Windows 10 Pro and Enterprise but it’s also a good idea to check for device compatibility as it can be problematic with older laptops: that don’t have a Trusted Platform Module (TPM) chip.
6. Finally, do not use USB sticks to transfer documents; instead, use email or specific document collaboration tools. At our Moore Stephens office, transferring documents to USB devices is technically restricted to specific individuals and there is clear guidance about their use. However, if you really must use a USB stick then ensure it is re-scanned by your IT team before re-inserting it into any device on your corporate network.
Sources:
2. https://www.ipass.com/wp-content/uploads/2018/03/iPass-Mobile-Security-Report-2018.pdf
3. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2018.pdf
Simon Cohen has over 20 years’ experience in the IT industry, spanning key areas of software development & support, Project Management, IT Security, Data Centre upgrades, Web performance, IT Operations and building and expanding effective teams. He has delivered key strategic and technical solutions for global organisations such as PwC, UBS and Thomson Reuters and has managed teams spanning US, UK, Poland, Singapore & India. Simon is also experienced in working with SME’s across various sectors to assess requirements against current practices and devise suitable strategies and practical solutions. He currently focuses in helping organisations on key areas of IT advisory and consulting. Simon has worked with and in many different types of organisations and is adept at cutting through the structural, political and cultural complexities in order to obtain the outcomes they desire. Contact Simon at scohen@moorestephens.com.au or connect via LinkedIn .
You can also connect with Moore Stephens via Facebook, LinkedIn and Twitter