Do you have employees, contractors, or volunteers who use a smartphone or laptop at your facility, and also take it offsite? If the answer is yes, it’s time for you to do a bit of information-gathering.
Why? Because you need to understand how these devices are being used, so you can provide guidelines and help your stakeholders reduce risk to your business. The threats, in a nutshell, are data breaches and disruptions to business continuity. Here are just a couple of examples that illustrate the risks:
Example 1: Hot Spot Security
Your people might be using public wifi hotspots to access their work email accounts, Salesforce accounts, or other applications that contain data about your business, clients, or patients.
Connecting a portable device to an open public wifi hotspot (such as at a library, hotel, or cafe) brings a host of risks. Even a passworded connection can be risky if the password is available to all patrons. A bad actor can set up a wifi signal nearby using the same signal name and password. When unsuspecting users connect to this evil twin hotspot, all of their data is captured as they work.
If the data captured includes login credentials for your business-related applications, then you’re in for a bumpy ride. You could get locked out of your applications and data until you pay a ransom, or your data might be “liberated” for nefarious purposes. State data breach laws often apply, and if your business is a HIPAA covered entity, a breach may trigger an investigation, huge fines, or even criminal charges.
Example 2: Device Security
Your people might be neglecting to properly secure their laptops or smartphones (by means of password protection and encryption). To make matters worse, they could be allowing their app login credentials to be saved for easy access. In this case, if the device is lost or stolen, your business is – again – very exposed to data breaches and account lockouts.
Start with an inventory
Addressing portable device safety is a three-step process. Fortunately, it’s easy to get started! Your first step is to make a list of the devices and find out how people are using them. This is your INVENTORY. You will ask which work tasks they do with their portable devices, which work-related applications or websites they use, and how they manage their passwords.
Once your inventory is finished, you’ll have the information you need to understand what risks your business is exposed to. We’ll cover this in Part 2, so look for it in your inbox next week.
Here’s a device inventory form to get you started. Print it on legal-size paper. This form was created by Codestar, so you know it’s safe. (Be very cautious when downloading spreadsheet files from unknown sources.)
LibreOffice Calc format