More and more organizations are embracing flexible work hours and telecommuting arrangements. But, like a double-edged sword, this paradigm shift has also intensified concerns over access to sensitive information that should remain safeguarded within the confines of the physical office.
You may be pondering:
- Are mobile devices such as laptops, tablets, USBs adequately protected?
- What guidelines should staff be observing as they take home corporate information assets?
- How will we know for certain who is connecting remotely to the corporate network?
- How secure is sensitive data being transmitted?
- With whom information is being shared and collaborated virtually?
- How to handle incidents of data breach and possible impact to our business continuity?
- More importantly, how can staff be quickly sensitized to embrace a culture of information security?
Here are 20 best practices to consider:
- Encrypt all mobile devices (laptops, tablets, smartphones, USBs etc)
- Enforce strong passcode authentication
- Lockdown laptop ports or enforce saving data to only encrypted removable media
- Install antivirus and anti-malware softwares and keep them updated
- Perform daily antivirus scans of devices and on-demand scans of files from external sources
- Install desktop firewall and the latest operating system patches
- Review all users with local administrator privileges
- Use anti-theft cable locking mechanism to physical secure laptops from theft
- Ensure data can be remotely wiped if devices are stolen or misplaced
- Ensure data is transmitted only over encrypted secure channel (e.g. VPN and HTTPS websites)
- Use multi-factor authentication for all remote connections to corporate network
- Use Wi-Fi protected access (WPA) point to connect to the Internet and disable access when not in use
- Always authenticate attendees in virtual meetings and manage how information is shared
- Observe security protocols of the office at home as best as possible
- Always store devices and documents in a secure place within the home
- Where possible, store only minimum data required and shred documents before disposal
- Establish clear incident handling guidelines and procedures
- Have formalized information security policies
- Ensure user awareness training is provided on a regular basis
- Review IT Security strategy and Business Continuity Plans to ensure they remain applicable and viable
Failing to implement these minimum measures can virtually swing wide the “front doors” to your most critical assets and trade secrets.
|For more information on standards and best practices please contact our trusted advisor, KPMG in Jamaica at MarketsJM@kpmg.com.jm or contact Shawn Christie, IT Advisory Partner at 876-922-6640.