Find out how you can improve the IT security on your mobile devices.
As you know, we don’t do GDPR: we help with IT security. Two of the biggest weaknesses in any IT network, particularly when it comes to data security, are our mobile devices.
- 72,000 laptops go missing every year, with two-thirds left on trains, in coffee shops or in public toilets
- 22,000 USB sticks are left in dry cleaners in the UK each year
- 90 mobile phones are left on London’s Tube network every day!
Let’s look at the IT security issues around these devices:
By their very nature, laptops are designed to be taken almost anywhere. In recent years, more people have turned to tablets and phones to meet their needs. Despite sales dipping slightly, laptops still sell in their millions every year. Your staff have them so they can work anywhere they need to, whether at the office, on a client site or at home. They will have data stored on the local drive and have access to your company data, whether that is stored in the Cloud or on your local infrastructure.
Their very nature makes it easy (!) for them to be lost, and then the IT security issues begin:
- The most common password used in 2016 was 123456, with password being the 8th most used password. (How many more times can I use the word password in one bullet point?) This makes it very easy for others to get to the data stored locally.
- Depending on whose laptop it is, there is almost certainly going to be personal data of some sort on there:
  - HR Director has staff data
  - Sales staff will have client and prospect data
  - Marketing will have endless data sets
- Your intellectual property data puts your company at risk
- The personal data puts you at risk, under GDPR, of a big fine from the ICO and a huge reputational dent from the media and your clients.
- You have 72 hours to report a data breach to the relevant supervisory authority: more time lost and another reputation dent.
Although phones are less likely to have personal data stored on the local hard drive, the real data security risk is email. We all have our email going to multiple devices to make our lives as easy as possible. The emails represent multiple data risks:
- The emails themselves have PII (personally identifiable information) in the form of email addresses, phone numbers, work addresses and social media account details, as well as, potentially, account details and passwords.
- All those attachments…
I’ve not even started on how either device can give access to the company network. So what are your options, and what are your responsibilities, so that you aren’t exposing your business to reputational, financial and existential risks?
Improve your IT and Data Security
Let’s start with the basics and go from there:
- Implement password rules that require your staff to have more complex passwords and change them at a set interval, say every 90 days. Your IT company or staff can easily set up Network Rules to make this happen.
- Use the security tools built into Windows 10, such as facial recognition, to make laptops more secure.
- Similar functions are on most smartphones, whether biometric systems such as fingerprints or facial recognition, or drawing patterns instead of a simple PIN.
- Consider two-factor authentication to further secure your laptops and PCs. Solutions such as RSA keys or smartphone solutions will make it extremely difficult for someone to get your data without both devices.
- If you have a BYOD phone policy, look at separating the business and personal sections. You can envelop the email, and other corporate functions, so that, in the event of a lost phone, this data can be remotely wiped. If a member of staff leaves, the same thing can be done.
- Do you have privacy screens on your devices? When using them in public areas, such as trains or coffee shops, you may be exposing data to people who shouldn’t have access to it. Privacy screens can be bought for virtually every device now. Although not the most aesthetic products in the world, they keep your data safe from prying eyes.
We hope these tips prove useful. If you’re worried about how to implement an IT security policy for your mobile devices, we’d love to help.
Please give us a call on 020 7227 9700 or email us at firstname.lastname@example.org.