By Sanjay Rohatgi, Senior Vice President, Asia Pacific, Symantec
As enterprises aboard the technology bandwagon for employees, the ‘future of work’ is not only being shaped by automation, but also by the shift in aspirations. As per the recent report, 40 percent employers say they already have a work-from-home policy and they are constantly modifying it to suit the changing needs of employees; 25 percent organizations plan to implement this policy in near future. As the physical workplace environments shift to suit the aspirations of the gen tech workers who prefer more flexible work arrangements, what does it mean for cyber security?
Over the past year, we at Symantec have noticed a profound change in how enterprise data is being targeted by the cybercriminals. IT leaders are on high alert after attacks on organizations and threats like the Dyn attacks have brought the information security at the top of their priorities. Organizations need to ensure that company information is secure, no matter from where employees are accessing the company network.
Here are a few valuable tips to share with your employees on maintaining cyber security while working remotely or traveling.
- Don’t share your plans and locations
Travel and holidays are the exciting time and people want to post everything about it on social media. However, at the same time, there needs to be cautious around how much we are sharing. People shouldn’t post pictures of itineraries, flight tickets or boarding passes along with details on the specific dates. We have seen the risks involved repeatedly, from finding out your frequent flyer points were stolen or having your home broken into while you were out.
Employees should also be aware of how much information they may inadvertently be sharing via their mobile applications. Facebook and Twitter, for example, both share location information, which can be used to target a user with phishing techniques.
- Watch that Wi-Fi
While it may be tempting to use that free airport or café network, it is crucial to keep in mind that supposedly private communication is in the air, where anyone can grab it. When using public Wi-Fi, caution is critical. In fact, it is best to avoid doing so completely. It is common for users to be tricked into connecting to rogue Wi-Fi networks and unknowingly send their communication directly to an attacker. Once connected to a network, the attacker can capture logins, passwords and any data sent from employee browsers while they are surfing the web.
Consider purchasing a cloud proxy or virtual private network (VPN) subscription service that employees are then required use these when connecting to the internet. The use of a VPN encrypts all communications making them safe from any potential attacker’s view.
- Try a password vault
A password vault makes it easier for ensures that employees can easily set very strong passwords for all applications and websites, while only requiring them to remember a single password to access the vault.
- Use Two-factor authentication
Multi-factor authentication ensures an extra layer of security. The first factor being a password (a factor you know) and the second being a secure code or device (a factor you have) to approve the login. This could be a push notification sent to an app on your phone, a code generated by an app or physical key fob device. Many consumer online services such as PayPal, Facebook, and Outlook have the ability to turn on multifactor authentication. Enterprise applications and services such as a VPN, Office 365 and Dropbox can also be integrated and use multi-factor authentication.
- Secure All Entry Points to Your Devices
On endpoints, it is important to have the latest versions of antivirus software installed. Deploy and use a comprehensive endpoint security product that includes additional layers of protection, and maintain regular backups that are available. In the event of a security or data emergency, backups should be easily accessible to minimize not only downtime of services but also mitigate the loss of productivity.
- Backup System and Encryption Must to Secure Mobile Devices
Having a backup system in place is critical. While employees may try their best to care for their devices, sometimes they do get lost or stolen. To help protect organization’s critical data, a backup system will ensure that the data is recoverable.
Also, encryption of a device’s data is a must to prevent anyone from stealing sensitive information if they do get hold of the device. Install a mobile device management system across all employee devices to secure and (hopefully) recover lost mobile devices. If your employees use iOS and OSX, ensure they turn “Find My Device” on, so they can not only try to locate it but wipe it remotely if needed.