A five point checklist has been created to help all Angus businesses regain confidence and control of work mobile devices – and reduce the risk of becoming the next victim of a devastating cyber attack.
In response to the ever-spiralling use of mobile devices as essential work tools, the Scottish Business Resilience Centre has summarised the key points from an upcoming talk by renowned expert, Richard Hollis of Risk Factory, which will be presented at the Trading Securely for Business Cyber Conference, taking place at the National Museum of Scotland on March 9.
The five measures are:
1. Quantify – The first stage is to carry out an audit - how many devices have access to your system, and who controls them? Who still has access to your system and is access always removed when an employee leaves the business? It is vital to assess the current situation at the earliest stage, before adopting best practice.
2. Create Policy – create a watertight policy on how work devices should be used or how people should access devices, i.e prohibit access to certain sites, servers or apps. Is there a clear policy on what staff can do when using work and personal devices? This is not necessarily a censor, but to protect the system from negligence or devious cyber attackers infiltrating through unprotected channels.
3. Configuration – configure devices with strong passwords and protection software – and regularly update them. Do employees or systems have insecure passwords? All it takes is one person with a bad or obvious password for a seemingly secure system to be breached – putting personal and business data at risk.
4. Encryption – Make sure devices are suitably encrypted. Encryption protects data when sent and received, which creates a two-layer barrier above and beyond any current protection, limiting the ability of a hacker to access information. Recognised services such as Microsoft Office, Gmail and WhatsApp automatically protect your data in this way – as do some cloud services such as Dropbox.
5. Be Alert – If something happens, have a plan of action – secure devices, change passwords and update any security software. If anything suspicious or unusual is spotted make sure it is reported. Actively keep to the best advised practice and carry out regular audits to ensure systems remain as safe as possible. It is always advisable to stay abreast of developments in security and best practice advice from the SBRC.
For more information on Trading Securely for Business 2016 and to download the delegate and exhibitor packs, visit www.sbrcentre.co.uk.