The coronavirus pandemic is entering a “fatigue” phase where people are now tired of staying at home. Leaders across the world are slowly easing the lockdown restrictions. Surely, work must go on amid the pandemic. Continuous lockdown would make the coronavirus win as businesses and economies collapse.
People are slowly starting to travel to their offices and workplaces to eke out a living. But this brings some challenges. People are so worried about their businesses and careers that some have become relaxed about their cybersecurity responsibilities. At a time when many people are far less accustomed to their previous commuting routines and security precautions, there is likely to be a sense of laxity in the way they secure mobile devices, especially as they travel to and from work after the easing of COVID-19 movement restrictions.
The greatest risk now lies in protecting information assets as people strive to keep time to beat the curfew deadlines.
A couple of weeks before the lockdown came into effect, we witnessed a number of travellers lose their treasured gadgets to roaming street dwellers, having fallen short of vigilance in the traffic jams of Kampala. The same was said of other cities like Nairobi and Jo’burg. The right question to ask is “How many of the victims had secured or backed up information on the arguably non-retrievable devices?” Just a critical question to ponder. Gone are the days when you are most likely to be alone on the road. Imagine losing a smartphone with 256 GB of storage, of which you have used over 100 GB! Without a cloud account with a regular backup routine, it is possible to lose all the memories and files.
During the lockdown, some companies fast-tracked their bring your own device (BYOD) policies and allowed their staff to access company emails on their private mobile gadgets and laptops. If you lose such a mobile device, not only is your data lost but that of the company as well. That could be trouble, especially in terms of intellectual property theft.
The transition from home to work will be a challenging one, not only economically but also regarding the safety of intellectual property amid unpredictable losses and hacks of employee devices. It urgently calls for teleworkers to secure their networks and their BYOD devices, such as laptop computers and other personally owned mobile devices (e.g., smartphones and tablets). Even then, backup procedures must be defined and implemented accordingly to avoid potential loss of critical data.
Considering that threats against mobile devices are increasing, it is worth implementing these cybersecurity recommendations, selected from the NIST guide to telework and BYOD security:
- Limit access to the device. Using some sort of authenticator (PIN, password, or biometrics e.g. owner’s thumbprint) deters access to the employee’s information and service by a person who gains unauthorized physical access to the device. It is also advisable to configure the devices to lock themselves automatically after an idle period.
- Disable networking capabilities except when needed. Attackers can try to use necessary networking capabilities, such as IEEE 802.11, Bluetooth, and NFC on mobile devices to access information and services. You must disable each networking capability that is not being used.
- Keep devices updated. Most mobile devices can be updated or patched to eliminate known security flaws. Follow the provided instructions to ensure that security updates are identified, acquired, and installed regularly, at least weekly.
- Encrypt data at rest. In the event that your device is stolen, some thieves may want to read the contents of the data on the device, and quite possibly use that data for criminal purposes. Most operating systems have their own full-disk encryption mechanisms, and there are also numerous third-party applications such as VeraCrypt that provide similar capabilities. You should follow your organization’s policy for encrypting all sensitive data when it is at rest on a device and on removable media used by the device.
- Back up data on your devices. Most organizations have policies for backing up data on a regular basis. If data is being backed up remotely to a system at the organization, then the communications carrying that data should be encrypted and have their integrity verified. Similarly, if data is being backed up locally to removable media such as CDs or flash drives and hard drives, the backup should be protected as well as the original data is.
- Do not connect the device to an unknown charging station. Many charging stations enable people to recharge their mobile devices through direct-wired connections between a device’s USB interface and the charging station. Unfortunately, someone may have altered a charging station, such as one in a public area, so that it attempts to automatically gain unauthorized access to the data, applications, services, and other resources on mobile devices that attach to it.
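The integrity half of the backup recommendation can be checked mechanically. The sketch below is an added example, not code from the NIST guide or from this article: it records a SHA-256 digest per file, protects that listing with an HMAC, and later reports missing, modified or unexpected files on the backup media. The function names, the sample files and the key handling are assumptions; in practice the key and manifest are kept apart from the backup media, and encryption is handled separately.

```python
import hashlib, hmac, json, os, tempfile

def hash_tree(root):
    """Map each file's relative path under root to its SHA-256 digest."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return digests

def _tag(files, key):
    # Canonical JSON (sorted keys) so the same listing always yields the same MAC.
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Record file digests plus an HMAC so the listing itself is tamper-evident."""
    files = hash_tree(root)
    return {"files": files, "hmac": _tag(files, key)}

def verify_backup(root, manifest, key):
    """Return a sorted list of problems; an empty list means the copy is intact."""
    recorded = manifest.get("files", {})
    if not hmac.compare_digest(_tag(recorded, key), str(manifest.get("hmac", ""))):
        return ["manifest: HMAC mismatch, listing cannot be trusted"]
    current = hash_tree(root)
    problems = [f"missing: {p}" for p in recorded.keys() - current.keys()]
    problems += [f"unexpected: {p}" for p in current.keys() - recorded.keys()]
    problems += [f"modified: {p}" for p in recorded.keys() & current.keys()
                 if recorded[p] != current[p]]
    return sorted(problems)

def demo():
    """Constructed sample: back up two files, then tamper with the copy."""
    key = b"constructed-demo-key"  # assumption: real key is stored off the backup media
    with tempfile.TemporaryDirectory() as media:
        for name, text in (("contacts.csv", "a,b\n"), ("notes.txt", "draft\n")):
            with open(os.path.join(media, name), "w") as fh:
                fh.write(text)
        manifest = build_manifest(media, key)
        clean = verify_backup(media, manifest, key)
        with open(os.path.join(media, "notes.txt"), "w") as fh:
            fh.write("altered\n")
        os.remove(os.path.join(media, "contacts.csv"))
        tampered = verify_backup(media, manifest, key)
        forged = dict(manifest, files={})  # listing rewritten without knowing the key
        return clean, tampered, verify_backup(media, forged, key)

if __name__ == "__main__":
    print(demo())
```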
Copyright Summit Consulting Ltd 2020. All rights reserved.