Last time, we talked about a few different types of device setups you can use when traveling and working remotely. Now we want to discuss how to ensure that your data is always secure, no matter where your staff is.
Cybersecurity and IT security are critical to every business and organization. They matter within your office walls because that is typically where most of your IT infrastructure lives and, unless you are using the cloud, where your data is stored.
Even if you are using the cloud, however, there’s still a lot to protect from within your walls, as that is where most of your endpoints are accessing this data.
If your organization is fully or partially remote, or even if you just have a few key employees that travel occasionally, that adds a little more risk and variance to the mix.
Let’s say you have a lab full of scientists running experiments on something very, very small. It could be a virus, or a type of mold spore, or any other teeny tiny microorganism. They have a few hundred of these little critters, and want to perform some tests on them where extreme accuracy is the key.
Let’s also assume that buying more of the specimen is extremely expensive, to the point where it’s really not something that’s affordable. Loss and contamination are essentially considered critical failures.
Obviously, the laboratory is going to be sealed. The environment will be extremely sterile and clean—no pollutants in the air or on the work surfaces that will harm or corrupt what’s being studied. The air in the room will be purified so there isn’t any dust or other contaminants. Fans, vents, seams in the wall, doors, and virtually any other cracks and crevices will be sealed to prevent drafts, air movement, intrusions, and even escapes.
Nothing and nobody leaves or enters the room unless it is cleaned, sterilized, and follows a standard setup procedure to keep everything safe, both inside and out.
This is the ideal situation; it minimizes risk and contamination. It ensures that the scientists can work as effectively as possible without losing or destroying the little critters they are testing, and it ensures that the samples can’t find their way out.
This is essentially how a really good internal network is designed. Devices on the network govern everything that comes in and goes out: which devices can connect and which can’t, what’s safe and what’s blocked. The end goal is to protect and control the company’s data.
Granted, we’ve found that not every business network is actually set up this way, but generally, following a long list of network best practices goes a very long way in protecting your data and keeping everything on it running smoothly.
Take a work device off the network and connect it to, say, a hotel’s Wi-Fi, and suddenly you have a lot more variables. Is that connection secure? Is there sensitive data on the device that can be accessed? Is data still getting backed up?
Fortunately, remote devices can be secured just as well as onsite devices. It just takes a series of steps and practices to make sure everything is done correctly.
In our last blog, we mentioned four major considerations when it comes to securing technology that is outside of the office.
Let’s break these down and talk about how to counter them.
An average of 70 million smartphones are lost each year, with only 7 percent recovered. According to Kensington, a laptop is stolen every 53 seconds. Electronic devices are prime targets for thieves for a few reasons: they sell well, they can be stripped for parts, and the data can often be sold on the Dark Web or used to extort the business.
While it’s always a best practice to contact the authorities and your insurer when a device is lost or stolen, you shouldn’t expect much. Yes, there are tools to track a device’s location and all of that, but criminals are pretty good at disabling those. Consider the hardware lost and if you do recover it, consider it a fluke.
The point is you need to ensure that your data can’t be stolen in the process.
First and foremost, you shouldn’t be storing company data on an endpoint, whether it’s a desktop PC in your office or a laptop for a remote worker. Company data should be stored on a centralized server that you control, or a secure cloud environment. Sensitive data like client information, trade secrets, financial data, passwords, and everything else shouldn’t be sitting on the hard drives of these devices. That’s what your server is for.
Of course, there will still be some sensitive data that might not be in your control. A user might accidentally save a spreadsheet in their internal documents folder, your CRM might have cache files that store on the local machine, and a user’s browser history and temporary internet data might hold a wealth of information that a thief might be able to quickly recover and use.
That’s why all endpoints should have encryption on the drives. This is typically done through a service like BitLocker, Microsoft’s built-in encryption feature. BitLocker forces a user to enter a password, which decrypts the drive, before Windows even starts to boot. If the thief doesn’t know the password, the data is simply impossible to steal.
Your business should have a policy that enforces encryption on every laptop and desktop, giving only the user and admin access to the data.
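One way to check that policy on a Windows endpoint, as an added example that is not code from Capstone Works: the function below tests each volume for full encryption, active protection, a pre-boot PIN or password protector on the operating system volume, and a recovery password for admin recovery. Those four requirements and the sample volumes are assumptions made for this example; `Get-BitLockerVolume` is the built-in BitLocker cmdlet and needs an elevated session.

```powershell
# Added example: audit volumes against an assumed encryption policy.
# Protector types that make the user authenticate before Windows boots.
$PreBootTypes = 'TpmPin', 'TpmPinStartupKey', 'Password'

function Test-VolumeEncryptionPolicy {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        $types  = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $issues = @()
        if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "volume status is $($Volume.VolumeStatus)"
        }
        if ([string]$Volume.ProtectionStatus -ne 'On') {
            $issues += 'protection is off or suspended'
        }
        $preBoot = @($types | Where-Object { $_ -in $PreBootTypes })
        if ([string]$Volume.VolumeType -eq 'OperatingSystem' -and $preBoot.Count -eq 0) {
            $issues += 'no pre-boot PIN or password protector'
        }
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'no recovery password for admin recovery'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

# Constructed sample volumes, used only where the BitLocker module is absent.
$samples = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @(@{ KeyProtectorType = 'TpmPin' }, @{ KeyProtectorType = 'RecoveryPassword' }) }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data'
        VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'; KeyProtector = @() }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @(@{ KeyProtectorType = 'Tpm' }, @{ KeyProtectorType = 'RecoveryPassword' }) }
)

$volumes = if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume
} else { $samples }
$volumes | Test-VolumeEncryptionPolicy | Format-Table -AutoSize -Wrap
```

In the constructed samples, `E:` is fully encrypted yet still fails the check: a TPM-only protector unlocks the drive at boot without asking the user for anything.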
Before we get into the weeds here, I want to clarify something. There are essentially two types of VPN (Virtual Private Network) solutions on the market. There’s the kind that you often get ads for in podcasts and YouTube videos, and then there is the kind that businesses use to protect the transmission of company data.
There’s nothing inherently wrong with the slew of consumer-based VPN solutions out there, but they are designed for just that—consumer use. They tend to connect to an array of public servers, encrypting your data and connecting your device to that remote server in order to access content on the Internet. It’s sort of like remoting into someone else’s computer, except you are dialing into a massive hub and your activity is more or less anonymous from there.
The business VPN works the same way, but it doesn’t connect you to a huge public hub; it connects you directly to your office network. It encrypts the data transmitted between you and the network, so it can’t be stolen while it is in transit. This makes it safe to connect to public Wi-Fi, which can otherwise be a security risk.
Public Wi-Fi networks, like those found at airports, restaurants, hotels, and pretty much anywhere else, can be dangerous. Another user on the network could potentially access your information, or even plant a passive device on the network that sits and listens and steals data.
On top of that, as we mentioned before, you want to have as little sensitive data on a traveling device as possible. If you can get by simply connecting to your office when on the road to access documents, email, and other data, then you can use a VPN without having everything stored directly on the laptop.
It’s also very simple for the end user. A VPN can be set up to automatically connect when connecting to unknown networks—once the laptop connects to the Wi-Fi, it will automatically connect to your office network and it will work exactly like you were sitting at your desk in the office.
Yes, you want to avoid problems like data theft and cyberattacks, but modern IT solutions can actually help your employees get more done, more effectively. It’s all about giving them the tools to be successful, and modern IT solutions can streamline and optimize your processes, which leads to happier employees and better work getting done.
It doesn’t have to be prohibitively expensive either; at Capstone Works, we’re passionate about finding a balance that helps drive your business forward without going outside of your budget. Getting started is simple; just give us a call at (512) 343-8891.
About the author
Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.