Scottish businesses should follow a five-point checklist to help them control work mobile devices and reduce the risk of becoming the next victim of a cyber attack.
That’s according to the Scottish Business Resilience Centre (SBRC) which has summarised the key points from an upcoming talk by security expert Richard Hollis of Risk Factory – to be held at the Trading Securely for Business Cyber Conference at the National Museum of Scotland in Edinburgh on March 9.
The five measures are:
Quantify – The first stage is to carry out an audit – how many devices have access to your system, and who controls them?
Who still has access to your system and is access always removed when an employee leaves the business?
It is vital to assess the current situation at the earliest stage, before adopting best practice.
Create Policy– create a watertight policy on how work devices should be used or how people should access devices, i.e prohibit access to certain sites, servers or apps.
Is there a clear policy on what staff can do when using work and personal devices? This is not necessarily a censor, but to protect the system from negligence or devious cyber attackers infiltrating through unprotected channels.
Configuration – configure devices with strong passwords and protection software – and regularly update them.
Do employees or systems have insecure passwords? All it takes is one person with a bad or obvious password for a seemingly secure system to be breached – putting personal and business data at risk.
Encryption– Make sure devices are suitably encrypted.
Encryption protects data when sent and received, which creates a two-layer barrier above and beyond any current protection, limiting the ability of a hacker to access information
Recognised services such as Microsoft Office, Gmail and WhatsApp automatically protect your data in this way – as do some cloud services such as Dropbox.
Be Alert– If something happens, have a plan of action – secure devices, change passwords and update any security software.
If anything suspicious or unusual is spotted make sure it is reported.
Actively keep to the best advised practice and carry out regular audits to ensure systems remain as safe as possible.