Beware of private computers and laptops
The biggest risk for the company is a situation where an employee uses their own equipment for work: their own computer, laptop, tablet, mobile phone or USB drive. These devices are completely beyond the control of the company. "With a home office, internally stored and processed data is outside the protected environment of the company, in any quantity and at any time. Memory drives have a large enough capacity, and as long as there is no place for them, one deletes only the minimum," said Martin Hanzal, CEO of SODATSW, which has developed a new encryption product, AreaGuard Neo. A huge risk is a password or USB disk shared by multiple people, for example a parent and child. "We know of cases where a teenage child published sensitive data on Facebook. Therefore, I advise that companies allow employees with their own equipment access via a terminal server. Then the sensitive data cannot be downloaded to private devices," recommended Hanzal.
The importance of centrally managed security policies
The most common mobile devices on which employees work are notebooks. Companies often make the mistake of neglecting to bring these devices under forest policy, the central management of the organization's security policy. It ensures that the required security settings are applied on all of these laptops. This covers access control, antivirus protection and a properly functioning firewall, as well as encryption settings, monitoring of work with internal company data and other important security features that are standard within the organization. Moreover, it is necessary to ensure secure access to the organization's internal network via a VPN, i.e. a virtual private network. This allows the employee to work from anywhere in the same way as when sitting in the office.
User account access rights
Another very common mistake is that ordinary employees have admin rights on their laptop, because such a notebook is then completely out of control. Employees also tend to use passwords that are too simple or easy to guess. This problem can be removed by membership in the domain. Another risk is that family members, mostly children, can also work on the computer under the employee's user account. Therefore, it is good to have a second user account on the laptop, with limited access rights to locally stored internal company data. This account cannot access the internal network and can therefore be used by family members. The authorized user can also use this account when connecting in a hazardous environment, such as a public Wi-Fi network.
Encryption without additional requirements
Any device with sensitive data that an employee takes outside the company must use encryption for the organization's sensitive data. In practice, the most effective protection is to encrypt the user profile. It contains files with sensitive corporate data and all mail correspondence, including contacts, calendar and tasks. Encrypting the entire profile ensures that the data is accessible only to its rightful owner, wherever the device is, and that no one can exploit it even if the laptop is lost or stolen. At the same time, this imposes no additional requirements on the employee. If the laptop is in a domain, a single user authentication remains: only one password needs to be known. And IT management has precise control over whether all the data is safe. Similarly, it is also necessary to use encryption for all data transferred on USB flash drives and external drives.
Only part of the mail on mobile phones
Tablets and mobile phones are a big security risk for every company that thinks about protecting its data. Tools to manage them are still very limited, prohibitively expensive and also inconvenient. Therefore the only effective protection is not to save any sensitive data on these devices, and to use them only for locally stored mail. "These devices generally serve rather for looking at data. But I also suggest you use access via a terminal server. It is also good to train users and to create a directive for the use of tablets and mobile phones. For example, the directive determines that the device must be protected by an access password, which must always be entered after more than five minutes of inactivity," recommended Martin Hanzal of SODATSW. It is also good to turn on encryption of the internal memory and to avoid long-term storage of the organization's sensitive data.
Source: Lesenský.cz