This is the second part to my article on device security, the first part is here:
Device Security (Pt. 1) – CyberAwake
Back to Basics – Device Security
I finished the first part of this article taking a brief look at hybrid home workers, but of course hybrid working does not stay at home – I am writing this in a hotel room, whilst working away from the office. That is where a VPN adds to your device security. I have two recent articles that discuss the fundamentals of VPN security:
The operating system and device security
Regular readers of this website will know about the importance I attach to keeping everything up-to-date with security patches as they become available. Hardware firmware, application software and most importantly for computer security, operating systems, should be set for automatic updates (unless there is a pressing operational situation that prevents this) and these updates should be checked. Octagon Technology has some tools that can help you check that updates have been done and force Microsoft and Windows updates if required. And whilst you are there, check out the advanced threat protection software they supply – you should aways use the best protection software you can afford.
Software Firewalls
Modern computer operating systems come with very effective firewalls – they should not be disabled and your team should understand the consequences of allowing applications to bypass this device security.
Mobile Phones and Tablets
These can be an issue when it comes to organisational device security as the majority of them are devices owned by the employee personally. This makes it more difficult for you to manage the device security, but there are some policies and training you can put in place.
- Make your team are aware of the risks downloading apps – especially from outside the approved app stores.
- Make sure your team keep their devices updated with the latest security patches.
Manufacturers such as Apple support their devices for a longer period of time than most other device providers. Samsung and Google have a reasonable security patch period, but other manufacturers often have very little in the way of security support. You should consider what you want to do about members of your team who do not have secure devices and whether you want them to use those devices for your data.
Device Security
Unfortunately, once you start to get into device security and your organisation’s information security, things can start to cost you money. But it is better to spend that money now rather than spend it on solving a cyber security issue because of an outdated phone or computer.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Technology Solutions | Octagon Technology
Are you using Bring Your Own Device – BYOD – to save money?
NCSC warns of risks with App stores | Smart Thinking Solutions
Photo by RDNE Stock project