Cybersecurity has grown from an afterthought to one of the most critical concerns for any growing business. From local hardware stores to international hotel chains, hackers are targeting anyone who has credit-card-wielding customers. While you're aware that you need standard security like firewalls, the last decade of battle with the hacking community has revealed that we need more than just defences for a comprehensive security strategy. Businesses need security solutions to existing problems and security gaps.
Today, we're here to discuss the current industry best practices for countering the hacking community's attacks on mobile devices, proprietary business applications, and local business networks.
Mobile Device SecurityEvery 53 seconds, a laptop is stolen. Half of these laptops are taken directly out of the offices where they are used. Moreover, for a business 80% of the cost of a laptop loss will be due to the data breach caused by whoever stole the thing. One hospital, EMC and Hartford, was fined over $90,000 because a single laptop was stolen that contained confidential information of over nine thousand people.
Businesses live in fear of an employee's mobile device is lost resulting in a data breach. One employee loses the phone or laptop used for work, with all their accounts left logged into proprietary information, and your business could be in serious trouble. Here's how to make sure that doesn't happen.
Remote DiagnosticsWhen a device is lost or stolen, a company has to do a quick risk assessment: Has it already been breached? Is this recoverable?
The answer to that question depends on what happened to the device. If it fell into the crevice of a restaurant booth and is still there, the chances are that there was no data breach. If it is three cities away and moving, there's a much higher chance of a thief with ill intentions.
The fear factor is not knowing what's going on with the missing device. While GPS-tracking is a thorny issue for GDPR compliance, there is another solution: Remote Diagnostics. By merely having access to the phone's status at a distance, you can learn a lot about whether it is lost at home or actively being hacked.
Remote diagnostics could tell you if the device is on, how much battery it has, if it's connected to the internet, what apps are running, and possibly even what wifi network the device is connected to. This can give you a ton of information about the active risk of a lost device.
Kill Switches Kill switches are the second part of a mobile security solution. Because what happens if a low-life steals a valuable company device with the intent to harvest sensitive data? The answer, of course, is to kill the device. While it would be nice to apprehend the criminal and recover the device, this solution is far better than allowing your data to be stolen and people's lives and finances to be put at risk.
Kill switches usually wipe all the data on a device, including personal data of the employee-user. If you install kill switches, either figure out how to only target your data or ensure employees understand to backup personal data or better, keep it off the company devices.
Software and App Security
Another major security concern in today's digital environment is login security. In the name of convenience, we often leave ourselves logged in or make it easy to log back in without actually entering a password automatically. Even for work software, apps, and web portals that provide authorised access to sensitive data.
In other words, anyone accessing the same device (or with cloned saved-login settings) could allow a hacker to gain access using someone else's authorisation. Here's how to make sure your workstations, mobile devices, and employee home computers don't accidentally become an avenue for a data breach.
Encrypt EverythingFirst and foremost, encrypt everything. Make sure your databases and company-end resources are encrypted so that hackers don't gain anything if they break in. Moreover, ensure the client-side of applications is encrypted so that their passwords and messages are safe by default, even on a compromised computer. Finally, encrypt all data before it transfers so that router hackers can't read it in-transit.
Default to Logged-OutThe next concern is the fact that many leave themselves logged into everything. If an employee's device is stolen or even just lost while they are auto-logged-in to company software, a data breach is much more likely. An opportunistic teenager could steal your data, even if they had no intentions of becoming a hacker or holding the company for ransom.
The answer, of course, is to make sure your company apps don't stay logged in. Apps should require re-authentification after a time-out period, and every time the device is opened or activated. This way, if someone new picks up a device, they will not have access.
Highly Personalized LoginThat said, no one wants to enter a password over and over. Some will seek dangerous shortcuts (or choose insecure passwords) to avoid the hassle. The answer to this one is to use cutting-edge technology for faster authentication techniques.
Iris scanning is something that modern phones can do, along with some tablets and laptops. Fingerprint scanning is universal. Picture passwords (available in many styles) are less irritating than entering an alphanumeric password time and time again.
Suspicion-Based Security AlertsDon't forget how important it is to detect when a login or logged-in device has been stolen. Fortunately, there are some pretty clear suspicion indicators that a simple application can pick up on. A new IP address, connecting from a new device, a new network, or logging from a city far away from the employee are all security red flags that will help identify hacks as they happen.
Business Network SecurityYou will also need to keep your internal network safe to secure workstations, servers, and local project environments. Even businesses that are mostly on the cloud require a clean local network to be able to handle client information safely. Unfortunately, corporate hackers are constantly looking for loopholes in well-known business operating systems, software, and online resources.
Customise Firewall SettingsYou already know that you need a great firewall. However, not everyone realises that you should customise your settings. Try closing all ports that are not necessary for everyday use and working with whitelist permissions. What this means is that only applications and processes that are known and approved of will be allowed through, while everything new will be stopped and flagged until security approves it.
Network Monitoring DefensesNext, use network monitoring. This is a simple phrase for an incredibly useful set of tools. Network monitoring can tell you about the exact details of how a computer is functioning and the flow of information through the network. Its original use was diagnostics, but it can also be used to detect hackers.
Hidden malware, for example, can be identified by its unregistered RAM and CPU usage. Unauthorised network activity can be recognised as packets flowing that the monitoring software does not expect. Also, network monitoring can flag any unauthorised or unusual file access. In other words, it functions as a security camera for your network.
Audit Account AuthorizationsFinally, ensure that no accounts are left with permissions they shouldn't have. If someone transfers departments, make sure they are removed from any secure files relating to their former department. Also, if an employee leaves, make sure their login stops working immediately. This significantly reduces the chance that employees will, accidentally or on purpose, misuse or reveal information they shouldn't have access to.
Securing your business data is an increasingly complex task. However, with the right attitude and up-to-date approach, you should have no problem closing these security holes and thwarting the majority of hackers with their simple device and login stealing techniques. For more expert cybersecurity advice or a complete path to your next security upgrade, check out our ebook!