The Danger of Lax Mobile Phone Security for Your Company

All CEOs are responsible for protecting customer data and most companies now employ holistic IT security protocols for all of their computing systems. Often forgotten, however, are handheld devices such as tablets and mobile phones, increasingly vulnerable to cybercrime and rarely given the protection they warrant. If your staff are accessing their work emails or other documents on their mobile phones, it is the job of the CEO to ensure your customers continue to be protected. Don’t leave yourself vulnerable to cyber attacks by overlooking all the devices used by your staff.

The first task for any CEO is to make their staff aware of this area of risk. Workers cannot be expected to protect themselves against something they are unaware of but once you have conducted meetings and workshops pertaining to this new element of your IT security, they will be obliged to follow the new procedures. They themselves should be willing to work with the company to secure their phone because it will keep their personal data safe as well. Workshops will equip staff members with the knowledge and understanding necessary to keep themselves and their mobile phones safe from cyber attacks. They should also be taught what to do in the event of a breach or if their phone, tablet or laptop is stolen or lost. Fast action in the face of cybercrime can significantly limit the damage done. 

Every company should have a detailed IT security policy. CEOs should be updating these regularly to keep up with the ever expanding world of cybercrime. Make sure this policy includes mobile phones and tablets. Whether these are company issued or the private property of employees, if they are used for work functions at all, strict security practices should be applied. These include the following: 

  • Using two-factor authentication 
  • Setting strong passwords and regularly changing them 
  • Only installing apps from reputable stores 
  • Backing up data 
  • Not connecting to unsecured Wi-Fi networks 
  • Being careful about who has access to your phone  

There are two kinds of cyber attacks on mobile phones. One which is targeted at someone who is known or believed to have access to valuable information. The other is completely random and involves hackers simply attacking numerous mobiles in the hope of coming across something of value. Of course, the former is the more concerning one to fall victim to because it implies the cyber criminals are well-informed and after something specific. Some people in companies, such as the CEO themselves, may be more at risk than other members of staff but everyone should employ stringent IT security policies when it comes to their mobiles just in case. 

If you think your staff are high-risk targets for cyber attacks, consider requesting them to install a security application specifically designed to protect company data. Although this is a relatively new form of mobile threat defence, companies such as FireEye, Better Mobile and Lookout all have applications available now. The spread of cybercrime from traditional computers to our handheld devices is well and truly underway and every day new developments occur on both sides of the IT security war. The only thing you as a CEO can do is keep up with them and make sure your employees are all working alongside you to secure your company’s valuable data and keep the private information of your customers safe.  

_96012299_gettyimages-507473994
IT security
Advertisements

Tech-Savvy Employees Can Be Dangerous

Most job advertisements these days cite the importance of computer literacy. From Microsoft Office packages to social media management to coding to graphic design, there is always use for technological skills in business. Although every employer wants a tech-savvy team behind them, there are some cyber crime risks to filling your company with these people. While these skills can be used to boost your business, they can also be used to exploit it, taking advantage of weakened internal IT security and launching cyber attacks from inside.

Here’s a horror story for bosses around the world. A former security officer, Yovan Garcia, has been found guilty of bypassing IT security, hacking his former employer’s systems and conducting a number of cyber crime activities. Firstly, Garcia changed his timesheets to show he worked significantly longer than he did, entitling himself to additional overtime pay. His cyber attacks went further than simple financial rewards, however, and he stole records and details when enabled him to set up a competing business. Garcia was found guilty and ordered to pay back $318,611.70 to his former employer, with additional legal costs potentially added in the future.

It is often far easier to launch these kinds of cyber attacks internally. Garcia managed to get hold of login credentials which enabled him to gain access to the systems. He had not been authorised to do so. However, speculation suggests another employee may have handed them over, intentionally or otherwise. People are automatically more likely to trust their colleagues and not suspect them of being an IT security risk. With the company’s guard down, this environment can be rich pickings for black hat hackers who want to use their skills for cyber crime.

Of course, this is a highly pessimistic view of society and the vast majority of people are not going to set out to maliciously exploit their employers through cyber attacks. However, the fact remains that an increasing number of people have, in theory, the capacity to commit cyber crime. Once you know your way around a computer, you can use your skills in any way your moral compass tells you to. So the question you should ask yourself when you’re hiring new tech-savvy employees is: are they white hat hackers or black hat hackers?

The best way to protect your own company is to heighten every aspect of your IT security. If your software is up-to-date and you have strong firewalls, your weak-points are your employees. Firstly, you need to conduct regular training sessions to ensure every one of them understands the importance of constant vigilance when it comes to cyber crime. Secondly, you need to employ people you trust. High staff turnovers leave your vulnerable. When you must hire new employees, references from previous jobs are essential. Don’t let your guard down and be sure to scrupulously uphold your IT security protocol to ensure you too don’t fall victim to an internal cyber attack.

For more support and advice on this topic, contact Ctrl IT and speak to one of our experts.

_96012299_gettyimages-507473994
IT Security