With travel restrictions lifting and summer in full swing, we know your employees are eager to pack up and fly out to their favorite vacation spots again. But if your employees are headed out into airports, hotel lobbies, and tourist hotspots with important company data in tow, you need a plan to ensure they understand the risks involved with device portability and know how to prevent potential cybersecurity disasters. With that in mind, here are a few tips on how to create a robust and portable cybersecurity plan.
THE RISKS OF BYOD
Human error is still overwhelmingly considered the primary culprit behind most cybersecurity breaches. So, if your employees are going to avoid these momentary lapses in judgment, they have to be as cybersecurity savvy as possible. Here are the main perils to avoid when on the move:
The Loss or Theft of Their Device
The most obvious threat is sometimes the most overlooked. Your employees must understand that losing their phone or laptop when on vacation doesn’t just mean losing beach selfies and dinner reservation e-mails; they’re misplacing a work device with the ability to access potentially sensitive info.
Hotel and airport wifi hotspots may be convenient, but they are definitely not worth the risk when you’re on a work device. If a wifi hotspot is “unsecured, “ that means anybody on the same network who has the know-how could potentially spy on your information. In addition, many hackers are known to set up free wifi hotspots near tourist destinations to try and steal personal information, passwords, and browser histories.
It has long been known that portability heightens the risk of ransomware attacks. For example, when employees travel, their mind is sure to be less focused on work issues and more concerned with which sunscreen to use. But moving quickly and clicking on the wrong link or not carefully vetting an e-mail could be potentially disastrous.
Employees sometimes get frustrated that their portable device doesn’t have the same capabilities as their workstation. Unfortunately, they may then look to third-party software to regain these functions, and many times these solutions contain vulnerabilities.
BYOD BEST PRACTICES
Despite the risks, BYOD is becoming a modern staple of the contemporary work environment, even more so post-pandemic. So, since eliminating these risks entirely is not in the cards, here are some tools that can enhance your formal BYOD policy ASAP to help mitigate the risks outlined above:
Acceptable Use Guidelines
These policies help define rules around:
- Which applications or company-owned assets can be used on personal devices.
- What types of wifi connections are allowed and under what circumstances.
- Which applications or websites are prohibited or blocked
- Consequences for not installing updates or changing accepted configurations
VPNs protect incoming and outgoing traffic, hide your browser history, and generally prevent hackers from tracking your online activities, even on public wifi.
Password Management Tools
Poor password hygiene is still rampant despite it being an obvious step towards better cybersecurity. If creating and storing new long, unique passwords routinely seems to be a problem, consider requiring password management tools like 1Password or Keeper.
MDM or MDA
Mobile Device Management (MDM) software can also be installed on end-user devices and allow you to remotely monitor, manage, and configure them as you see fit. If a device is lost or stolen, you can quickly and remotely delete or back up sensitive data to the cloud.
An alternative, less-invasive option that may be more popular with your employees is Mobile Device Auditing (MDA), which simply reports on the locations and configurations of end-user devices but does not allow you to take control of them.
Regardless of the methods and policies you choose, developing a well-rounded policy around portable devices is a must as employees start to move with more freedom. If you need guidance on more ways to allow employee flexibility while staying strict on cybersecurity, contact our experts at Haselkorn Inc.