Increasingly demanding workloads, along with the need to keep pace with the speed of business, have set the stage for enterprise mobility. With a mobile workforce comes increased security risks, but those risks
Employees and mobile devices
Among the variables in laptop security, end-user behavior is the most important. Train mobile employees on the concerns around transporting sensitive corporate data on mobile hard drives. Remind employees of good practices such as logging off or locking their machines when they're not in use.
The physical security of mobile devices should be paramount. Teach users to treat these devices as they would a wallet or a purse. Never leave the device out in the open, unattended, on a table, bar or car seat. Also, users need to be aware of their surroundings. A pair of wandering eyes on a plane or at a café could be observing sensitive information by a technique referred to as "shoulder surfing." Privacy filters are an option, but they're not a replacement for good judgment.
It is also critical that your employees know they must immediately report any lost or stolen devices. Time is of the essence when it comes to security and the engagement of software. Options such as severing access to company resources along with remote device wiping are effective only if IT learns very quickly about the lost asset.
Also, make sure your employees understand the dangers of public Wi-Fi. In some cases, a public hotspot at your local café isn't a safe place to transmit sensitive data. Be sure to utilize secure sites that are identified by the use of HTTPS when entering information on forms or viewing emails. Secure Sockets Layer (SSL) technology is currently in place even with personal email accounts such as Gmail, Yahoo or Live Mail.
Mobile device security software
Teaching end users best practices helps, but you'll also need the proper security software. As with most products, there is no silver bullet, so the best approach is layered security.
The first layer should be a whole-disk encryption solution. Products such as Sophos SafeGuard provide an easily deployable template that lets IT encrypt the entire hard drive with minimal impact on CPU overhead. If a laptop is stolen and its hard drive is removed, the thief won't be able to get to the data on the drive. This also satisfies numerous regulatory requirements.
The next layer should be recovery software. There are a number of options, but Absolute Software offers a product called Computrace Mobile for enterprise or residential use at a minimal annual subscription cost. Admins can monitor the whereabouts of the device along with its contents, hardware and software. In the event that employees try to augment the device or circumvent policy, IT can freeze the device, delete it or disable it. Remote file retrieval is also possible, depending on the subscription level. If someone attempts to remove the software, it simply rebuilds itself to prevent tampering attempts.
Of course, all client devices must have some type of antivirus and spyware protection. All-inclusive suites from vendors such as Trend Micro Inc. and Symantec Corp. can fortify your clients with not only the protection you need, but also enable you to monitor these nodes so that all updates and current signature parents are applied.
Lastly, make sure that all laptops use a virtual private network (VPN) client when accessing data remotely. There are different methodologies when it comes to VPN deployment. The SSL VPN is probably the easiest to deploy because the user usually needs only an appropriate Web browser. Applications and files can be assessed with relative ease from any location. The other method would be to install VPN client software on the client machine.
There is no way to completely avoid all risk, but following these best practices will help mitigate enterprise risk. Good software and great planning make for a solid foundation.
This was first published in January 2012