Just like the computers at employees’ desks, smartphones and tablets can be targeted by hackers as well, and as remote working continues to become more common, this type of equipment is likely to present a greater potential exposure.
Mobile Cyber-security Measures
Cyber-security is a subject that many employers have become more aware of in recent years, but there will always be more to learn and additional adaptations to make. As technology continues to evolve, so do the methods by which a cyber-attack might take place. One key example of a potential cyber-security step that organisations may not have prioritised heavily enough is maintaining the security of mobile devices.
Like any other cyber-security practice, the process of keeping mobile devices safe includes a number of key steps. In order to keep sensitive information and data secure, consider the steps
- Selecting mobile devices—One of the first steps to ensuring ample cyber-security is issuing employees proper equipment. When choosing devices, take time to assess which manufacturers meet your security needs and how different operating systems will synergise with programs used by workers. Given that technology is constantly evolving, it is also important to develop a strategy for updating devices when it becomes necessary.
- Configuring devices—Before issuing devices to employees, it is important that they are set up correctly. Your organisation should ensure that phones, tablets and laptops have proper cyber-security measures installed, such as antivirus software. It may also be advisable to restrict how much control employees have over altering settings and installing additional programs.
- Maintaining security—Once mobile devices have been distributed to employees, organisations must ensure that optimal cyber-security is maintained. Employers should establish clear and firm policies regarding acceptable uses of devices, and set up a system to monitor and log data in the event of a cyber-incident. Employees should also be instructed to promptly install any software updates on their devices as these patches are often intended to cover up a potential weakness that could be targeted by cyber-criminals.
The expanded use of mobile devices outside of an organisation’s own premises can result in additional risks. With remote work expected to remain a trend, it is important for employers to understand cyber-security steps for devices issued to remote employees.
While cyber-security will ideally prevent cyber-attacks against your organisation from succeeding, it is always important to have a plan in place for unfortunate circumstances. In the case of cyber-incidents, one common issue that demands contingency is a device becoming infected with malware.
In the event that an organisation does become a victim of malware, being ready to respond quickly and appropriately can limit the damage. In order to minimise the potential ramifications of a malware attack, consider the following steps:
- Disconnect any infected devices from all network connections immediately.
- In serious cases, consider shutting off Wi-Fi networks, disabling core network connections and even disconnecting the internet completely.
- Reset employee credentials, such as passwords. Before doing this, be sure to verify that your organisation will not be locked out of its own systems.
- Safely wipe any infected devices and reinstall their operating systems.
- Prior to restoring data to a device, verify that both the device and your backup data are not infected. It is of the utmost importance that organisations are certain that both the backup and the device are safe prior to performing this step.
- Connect devices to a safe network in order to download, install and update software.
- Install, update and run antivirus software.
- After reconnecting the device to your network, monitor traffic and utilise antivirus software to check for any remains of the initial malware infection.
There are many hazards and risks that employers must navigate on a daily basis. Unfortunately, even the most prudent precautions may not always be enough to prevent problems entirely. In the case of cyber-security, organisations must be prepared to understand how to react after an attack in order to prevent a moderate incident from becoming a large disaster.