Mobile security and remote work
Safety of telework
When you use business equipment outside the organization’s IT security perimeter, it can become a weak link in the organization’s entire IT infrastructure. If remote connections are not properly secured, they could be used by threat actors. It is important to protect your mobile devices as well as any sensitive information and data, both at rest and in transit. Threats can affect the confidentiality, integrity and availability of information.
The risk of telework
Be aware that teleworking increases the possibility of:
- Physical access to your device by unauthorized users, which may lead to breach, damage or theft.
- Malicious code being placed on the device.
This can lead to:
- Traffic manipulation (an attacker inserts their own traffic to influence data and gain access to a mobile device or the organization’s network).
- Social engineering, whereby threat actors trick you into sharing information or accessing a device.
- Compromised login credentials, forgotten password, poor security settings, etc.
- Compromised communication links:
  - Eavesdropping – an attacker eavesdrops on Wi-Fi traffic or records online activity. This may include capturing usernames and passwords.
  - Service theft – an attacker tries to use a web service or the computing power of a remote worker for their own purposes (e.g., sending spam).
Possible technical security measures include MDM/UEM systems and EDR-class systems. The first group allows for the implementation of management policies and security policies, while EDR-class systems protect the devices connected to them against attacks.
- Limit computer use to yourself only (e.g. do not allow family members or other people to use an account created for work purposes)
- Follow the business data retention policy, always store business data in the approved cloud or local storage
- Implement full disk encryption in case your computer is lost or stolen
- Use trusted antivirus software that provides real-time protection as well as (at least) a weekly full disk scan
- Use password screensavers that activate when the user is inactive
- Make sure your operating system and applications receive regular patch updates
- Secure your home wireless router with strong passwords, WPA2 encryption (not insecure WEP encryption) and MAC address filtering if possible
- When staying at a hotel, secure your device by locking it in the safe in your room or at the reception desk; never leave your device unattended in a hotel room
- Use a security lock to physically prevent notebooks from being stolen whenever they are left unattended
- Never use unapproved, unencrypted USB drives or portable hard drives to store business information.
- Use strong identification and authentication such as public key infrastructure (PKI) or two-factor authentication
- Dispose of printouts containing confidential information using an approved shredder or place them in a secure waste container at the workplace
- Do not leave sensitive data unattended on the computer where it can be accessed or copied
- Turn off Wi-Fi and Bluetooth network services when not needed and when traveling by public transport
- Immediately report suspicious, suspected and actual security incidents to the IT security team.
The organization’s IT department can apply security measures to the device.
These actions may include:
- Regular monitoring and maintenance of the device.
- Configuring and updating operating software, basic applications and security software.
- Using network security systems to monitor traffic
- Using firewalls to block unauthorized traffic.
Additionally, remember the following:
- Use your device only for work-related purposes and not for personal use
- Do not install or configure software or hardware on your device
- Learn how to safely use a device that has been issued to you
- Always follow your organization’s security policies and know your security responsibilities
- Never connect an unencrypted USB key or other peripheral to the device
- Back up information on your device to prevent data loss
- Make sure the information on the device is encrypted at rest
- Access only unclassified or non-sensitive information
- Follow the employer’s data retention rules
- Always connect to the organization’s network using the hardware provided to create a secure, encrypted channel through a Virtual Private Network (VPN)
Thanks to the MobileIron (MDM / UEM) solution, it was possible to secure the mobile phones of management staff who access sensitive information from those phones. The system made it possible to detect hacking attempts against these devices.
Thanks to CrowdStrike (EDR), we managed to secure the computers of the company's employees (90% of remote employees), who are largely outside the protected network. Logs from the EDR made it possible to identify the number of attacks on devices and to improve the security configuration of the devices.
Thanks to Baramundi (endpoint management system), it was possible to implement hardening of workstations and to use the built-in MDM to protect mobile devices.