Part of ArcSite's Contractor Marketing series. Revisiting and evaluating your contractor marketing strategies and tactics is vital - find out how.
Remove Your Risk: Addressing Device Security Concerns When Creating Site Plans
You may think that securing your mobile devices is overkill, but ransomware, privacy breaches, and other attacks would beg to differ. In addition, what you do to secure your mobile devices can also boost productivity and profitability. Finally, it’s worth looking at the debate between bring-your-own-device and company-issued device models.
Cybersecurity for the trades
Cybersecurity is a lot more involved than installing a spam filter on your company email. Bad actors (as they’re called in the security space) are always looking for a way into businesses of every size.
Ransomware and other hazards
Ransomware is a big part of the security landscape, and for good reason. It’s not unusual for an attack to cost more than six figures and take weeks to resolve. The way it works is that hackers get into your network through lax security practices, and then they freeze your business out. You can’t do any work until you’ve paid the ransom. Don’t think you’re immune - mid sized businesses are some of their favorite targets.
There are plenty of old school viruses and malware threats out there beyond ransomware, including phishing, in which bad actors try to make users click on a link in an email. These can seem incredibly realistic. When a user clicks on a phishing link, it will usually install some kind of malware on your mobile device, or even spyware to track what you do.
If your company is on Android, droppers are a new danger. A dropper is a small and seemingly innocent app that users download off third party app stores. Once you’ve installed the dropper, it installs many more apps, all of them malicious. Even more evil, a dropper can install other droppers, making for an infinite feedback loop that can be hard to break. Malwarebytes research shows that 14% of Android devices have at least one dropper.
iOS malware is less common, but it is still very much out there. Generally, users fall for a phishing email and click a link to download a malicious app.
According to a Verizon report, 58% of company devices had at least one malicious URL clicked. 16% had at least one piece of malware installed. That’s scary, but preventable. Read on for advice on prevention.
Data breaches happen all the time, and the biggest ones end up plastered across the headlines. Smaller breaches happen many, many times per day across the world. What do you lose in a data breach?
Your own personal data, like banking information and passwords
Your customers’ data, including personally identifiable information (PII), and even potential payments
Your reputation, when your customers learn of your security issues
Your business, including incurring personal liability
To avoid these dire consequences, you need to batten down the hatches on every way your technology interacts with the internet.
Now that we’ve thoroughly scared you, let’s talk about protecting your mobile devices.
Mobile device protection in and out of the field
It’s crucial to take the time to fully protect your devices, your business, and your customers by creating a security plan that encompasses some basic but important areas of vulnerability.
You almost certainly protect your devices with rugged, shock-proof cases and screen protectors. They’re in an environment where a physical disaster could take place at any moment. But what more can you do to make sure that your devices are physically secured?
The biggest factor to consider when thinking about physical security is authentication. Loss and theft happen, but that shouldn’t make it easy for just anyone to access the device. Ensure that your crew and teams have enhanced security on their devices, preferably a biometric like fingerprint scanners or face recognition, or a six (not four) digit passcode.
Multi-Factor Authentication (MFA)
Building on the points above, if a device is physically locked and someone still manages to break into it, you need a way to protect your valuable data. MFA exists to fill that gap. You’ve undoubtedly had to use MFA, so this might be a retread.
You log onto a website, and it requires you to use a validation code after you enter your password. That code is usually texted to a phone number you have on file in your profile, but sometimes it’s emailed. Then you enter the code and go about your business. MFA depends on a thing you know (password), and a thing you have (phone).
MFA is a safety net that allows you to be productive and safe at the same time. The thing is, almost no one enjoys MFA. It adds a step and sometimes frustration. It throws you off your groove until you’re used to it. Do it anyway and mandate it for all of your company devices.
It’s a bit harder to secure devices when they connect online. That’s true no matter how you connect - through 5G or WiFi - or where you connect. And malware must be met with fierce resistance, on all of your devices, or, as professionals call them, endpoints. You have a few options here.
Malware detection apps
These apps are installed on each endpoint and prevent users from clicking on that one disastrous link. There are many malware apps out in the wild, but acquiring a reputable solution is vital. Here are a few legitimate options to explore for Android.
Whatever application you choose, make sure to get those endpoints protected ASAP. The right solution won’t make your users jump through unnecessary hoops to do their work, but will still offer all the protection you should need.
Bring your own or buy your own - the ownership conundrum
There are two ways to get your users mobile: have them use their own devices, or purchase a fleet of devices and distribute them. They each have their selling points.
Bring Your Own Device (BYOD) offers instant gratification because you’re mandating that team members use their own smartphones and tablets with your apps and software installed. You avoid capital outlay, and, even if you offer a mobile work stipend, you still save a lot of cash. You get up and running quickly, without having to wait for devices to arrive and be outfitted with the right apps and protections.
That sounds ideal, but there’s a downside. It is often much harder to mandate security on a BYOD. There is often pushback when what you’re requiring for the job butts up against how they prefer to use their own devices. Plus, security tends to be more lax.
Purchasing your own company equipment is a big capital outlay. However, it can pay off when it comes to security, usability, productivity, and management. You can use an endpoint security solution to manage your devices, ensuring that each one is secure and consistent.
Whichever way you go, make sure your team has a clearly defined policy on what must be installed and which risky behaviors to avoid.
Don’t overlook training
When you’re planning your security strategy, be sure to remember to train your team in cybersecurity basics.
For starters, that means you need a written policy of some kind. That can be as simple as a list of apps and basic best practices. Make sure they each sign off on the policy when they’re hired. You can also get pre-built training modules for your team to watch together or separately. These modules are usually quite fun and interesting, with gamification and role playing.
Your employees are often your biggest threat vector. But with the right training, they can become your best asset.
It’s not uncommon for bad actors to target businesses through file sharing. With ArcSite, you can leverage the power of the cloud to share files securely. We provide unlimited cloud storage - all you have to do is upload a project to make it available to your team. Find out how ArcSite can help you button up your security plan by requesting a custom demo.