8 more security tips just for IT
Okay, so you thought there were just 10 but Khoi Nguyen, group product manager of Mobile Security at Symantec, said IT pros should, at bare minimum, do the following eight more to secure the enterprise from threats coming in via smartphones:
1. Education is essential. Educating employees is the first step in protecting information from malicious attacks. Organizations must help their employees understand what types of threats are out there, and how to prevent them.
2. Focus on protecting information instead of devices. Instead of solely focusing on the devices, companies need to take a step back and look at where their information is being stored and protect those areas accordingly.
3. Encrypt the data on the devices. The information stored on a company’s mobile devices is an important asset. Encrypting this data is a must. If the device is lost and the SIM card is stolen, the thief will not be able to access the data if the proper encryption technology is loaded on the device.
4. Make sure the security software is up to date. Organizations must treat mobile devices just like they would their PCs and keep security software-up-to-date. This will protect the device from new variants of malware and viruses that threaten a business’ critical information.
5. Develop and enforce strong security policies. In addition to encryption and security updates, it is important to enforce password management for managers and employees. Maintaining strong passwords will help protect the data stored in the phone if a device is lost or hacked.
6. Use caution when enabling Bluetooth. A phone’s Bluetooth setting is often set to “On” by default, so it will need to be turned off or paired with the device and configured with the headset. If not, the device will look for other Bluetooth-enabled phones to connect to, and could result in malware being loaded on to the device.
7. Stress the importance of paying attention. Make sure employees are always striving to be aware of their surroundings when entering passwords or viewing sensitive content to ensure that would-be criminals are not looking over their shoulders.
8. Be wary of free Wi-Fi. Wi-Fi hotspots at airports and cafes can be very convenient, but they can also be a breeding ground for malware. Once again, security education and software are essential to keeping business information safe while employees are accessing wireless networks.
If you want even more intel on the topic, ISACA, a nonprofit, independent association of 95,000 IT security, audit and governance professionals in 160 countries recently published the white paper Securing Mobile Devices as a guide for IT professionals.
“Don’t say that you will not support a technology just because of security issues, without weighing business need. And don’t think you can roll out a solution and then figure out how you will secure it,” advised Mark Lobel, author of the ISACA paper and principal, Advisory Services, at PricewaterhouseCoopers. The bad guys already have your number — why give them anything else?
A prolific and versatile writer, Pam Baker’s published credits include numerous articles in leading publications including, but not limited to: Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, NY Times, and Knight-Ridder/McClatchy newspapers. She has also authored several analytical studies on technology and eight books. Baker also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG).