5 Tips to Keep Your Mobile Workforce Safe and Secure

The American workforce has seen its fair share of paradigm shifts — globalization, the internet, and the introduction of cargo shorts and sandals in the workplace to name a few.

The latest in labor initiatives has been the adoption of remote working. The spread of laptops and Wi-Fi internet has led enterprises to begin sourcing their employees from, well, anywhere. In fact, 50 percent of the US workforce is now permitted to work remotely during the work week, according to Global Workplace Analytics’ 2016 study.

The initiative is a win-win in many cases, as a corporation does not have to pay for office space and the amenities that come with it. It’s no surprise that the workforce has responded positively to the change as well. Young parents can spend more time with their family, and a lack of commute time adds almost an entire hour back into the average employee’s day.

While modern-day mobility and BYOD (bring your own device) opportunities present substantial productivity boosts, they also increase complexity and the opportunity for security threats. Using a host of technologies such as data loss prevention, encryption, and monitoring services will help organizations limit their security exposure, but these cannot prevent everything.

With this new, great opportunity to work from anywhere comes an even greater responsibility for the employee. A personal laptop accessing corporate files on a public network can be catastrophic.

If you’re hiring or plan to hire remote staff for your organization, be sure they receive these five tips before they start:

1) Back Up Everything

Whether it’s in the cloud or on an external hard drive, backing up everything you work on can save a ton of time and stress if an attack were to happen. Keeping backed-up data will allow you to access exactly what you were working on prior to the attack.

2) Be Cautious of Public Wi-Fi

Free Wi-Fi access, whether it’s in coffee shops, airport lounges, or hotels, is a huge benefit to remote working. Unfortunately, these networks are also vulnerable to security issues. To avoid problems, ask about your host’s security protocol before connecting, skip any unencrypted Wi-Fi networks, and avoid logging in to corporate accounts or viewing sensitive data when connected to public networks. Briefly using a personal hotspot via cell phone is a great alternative when necessary.

3) Update Operating Systems

You should keep your computer’s operating system as up to date as possible, much like a vaccine for an immune system. Security updates will often come standard with a new OS. Like a vaccine, they’re proactive (not reactive, like an antidote) in protecting you from the latest threats.

4) Disable Bluetooth Connectivity

An “idle mode” Bluetooth connection can present security problems as well. If your Bluetooth is left on, nearby assailants can connect to your phone and potentially hack into your device. Make sure the Bluetooth setting on your phone and laptop is disabled while traveling, particularly abroad.

5) Always keep your computer in your line of sight

This should go without saying, but many people ‘trust their neighbors’ in public spaces to monitor their device while they step out for a call. This poses two very serious threats: (1) your entire workstation could be stolen, or (2) your computer could be bugged using software installed via USB. In both cases, data is almost always completely compromised and the outcome is disastrous.

The bottom line for hiring a remote workforce is that their laptop should be your priority, especially if it’s their personal one. Think of your organization’s cyber safety as a whole: if even one employee is susceptible to exploitation, the whole organization could tumble. In addition, keeping your employees safe and secure will establish your commitment to security, holding them to a higher standard and keeping your enterprise secure.

Contact JDL Group today for a security assessment of your remote workforce.

Failing the Phish Test

Phish testing your employees is a vital part of any security awareness program. It seems logical that by exposing employees to phishing and helping them identify tactics, the chance of anyone in your organization being phished lessens. But does it?

When employees who failed phish tests are called out, made to feel bad, or singled out in a group, the exact opposite can happen.

End users are the largest, most vulnerable target in most organizations. In real-world attacks, end users are relentlessly bombarded with spear-phishing and socially engineered schemes.

As the champion of your organization’s cyber security, it is imperative that you use these tests as teachable moments to educate and encourage your end users.

Use Failure as a Teachable Moment.

Look at the failure of phish testing in a different light: you’ve identified a weakness in your security that can now be remedied.

Effective Phish Testing Checklist

Every phish test should follow some basic tenets in order to educate users:

  1. The links in a phish test campaign should go directly to a site with immediate education.
  2. Do not call out or embarrass users who fail the test. Public shaming results in decreased threat reporting.
  3. Do not tie user responses to employee evaluation testing. Doing so can create resentment towards security, which is not good for the organization.
  4. Offer encouragement and education by directing users to additional training. This can be optional or required depending on how many times the user has failed.
  5. Provide additional written materials such as articles and information from other sources.
  6. Reward people who report incidents. This can be as simple as kudos in the company newsletter or even prizes and contests. Make sure that your organization’s culture gives positive support to employees who report incidents.

Protecting Your Network

JDL Group can help you put in place the right cyber security measures for you and your organization. If you want to learn more about protecting yourself and your employees from phishing campaigns, check out our free anti-phishing toolkit.
