Device Security

by | Nov 29, 2017 | Article

Every door in your house is an access point and represents a potential entry way. In the same way, every laptop or computer can serve as a weak link to data or transactions. Computers have a way of getting taken. Whether it is your department’s payment computer or your company laptop, every device must be secured appropriately. Proper endpoint protection of your devices covers the physical environment and the access methods and controls.

Physical Controls

Physical Access covers physically restricting access to the plant or office. This is key to the foundation of security.

On premises.

One of the most visible ways to secure your office environment is to physically secure entry points on the premises. Employees can compromise security without even meaning to, simply by forgetting to enact small security measures that make a big difference. A bit of forethought can increase security with minimal effort.

For example, one strong measure of security is locked doors. Simple, right? Unfortunately, this is an easy place to thwart security unknowingly. People may enter or depart from the office and manage to leave the door slightly ajar, or they may even place something to prop a door open so it does not lock them out. People may think, “I will just be gone for a minute, it will be fine!” but this compromises security in a serious way.

Consider equipping locked doors with key card access, security cameras, and security alarms in case of an intrusion. Talk to your employees about the importance of keeping things locked. There is a balance between being ruled by fear and being adequately concerned with security. It is far better to prevent a security compromise rather than scrambling to deal with the  repercussions of a breach.

Off premises/when traveling.

Often, we can become accustomed to the places and routines we inhabit. If you travel often for work, you can begin to let your guard down. Unfortunately, just because nothing has happened in your travels yet it does not mean nothing ever will. When it comes to security, one should never leave devices unattended when they contain work or confidential client information, even if you think they are secure. Just because you have been to this particular coffee shop dozens of times and nothing has happened doesn’t mean it is safe to leave your laptop or device unattended.

In order to keep the information within your device secure, never leave a laptop or other electronic unattended in public places. Even if you see another professional that you deem trustworthy and you ask them to “watch your stuff” please know that this is far from a fail-proof way to protect your information.

Secured Ports.

Ports are how information enters and leaves your computer. There are physical ports, where the device actually plugs in, and IP service ports. The IP service ports need to be secured, as every open port is a potential avenue for compromise. One way this can be done is through installing a firewall, but attention must be paid to what is allowed through. Any points of access that are left open, and through which traffic is allowed, are potential entry points for hackers.

It may seem tedious or too much to add your current responsibilities, but it is of vital importance that someone in your organization takes on the task of shutting down exposure points. Look at the firewall installed and review what is being let through. Find a time to do this regularly. Security must be a priority for every type of access to your business’s information and assets. It is worth the time it takes to make sure everything is secure. A few hours now can save you significant time and money later.

Dedicated machine.

Some will be tempted to dismiss this section out of hand. It may seem unreasonable. Nonetheless, consider using a separate, dedicated machine for payments. This would be a computer or device without access to email and with specifically controlled and limited access to the internet. Again, the more limited ways for a hacker to enter into a computer, the better, especially where payments are involved. Yes, it may seem like an initial hassle to wrangle up a separate computer and manage email separately from work activity, but when an inevitable hack tries to arise you will be grateful that you took the time to increase security. If the device is not linked to email it can lower the risk of hacking and spear-phishing. Though it may not be a feasible option for every company, it is definitely something to consider.

Electronic Access / Direct Access

Cable Lock.

One of the more practical and physical ways to secure a laptop when traveling or working outside the office is to use an actual computer lock. This is a cable that can attach your computer to something heavy or immobile, making it very difficult (although not impossible) for someone to physically grab your laptop and walk away with it. This can be useful in a coffee shop, hotel, or any other public place. Yes, people may look at you funny when you lock your computer down to the table at a bakery during breakfast, but hey, at least they won’t be able to walk away with it.

Backup.

No matter what physical precautions are taken to secure a computer or laptop, there is still a chance that something can happen. Aside from actual theft or hacking, there are also natural disasters or accidents that may disable a device from being accessed. For the safety of the information, firms should ensure that there is a full-backup of all data on any work computer or device. Ideally there should be several secure copies of the data so that if something adverse does occur, the data and information is not lost.

One useful recommendation is the 3-2-1 rule. That is, 3 copies of the data in 2 different formats, with 1 off-site backup. When it comes to the backup of data one must consider all types of potential data loss- whether it be losing the device, a natural disaster, or a hack that wipes a hard drive clean. And just backing up data is not enough; the backups also need to be well-protected and secured. Consider encrypting back-up data and/or password protecting it. Backing up data but failing to secure those back-ups brings security back to square one.

Clean Up.

Based on what your job entails, you might travel for work or desire to utilize your work computer while out of the office. If this is going to be the case, it is wise to remove any files from the computer that will not be needed. This preventative measure reduces the expanse of data that is vulnerable to theft or cyberattack. Each piece of data holds value, whether it is personal information or key information regarding your company. The mindset of corporate professionals therefore must shift, so that each piece of information is viewed as a precious jewel of the corporation.

With fraud on the rise, it is more important than ever to reduce the risk of attack. Cleaning up the computer before travel can include utilizing those backup methods, so one does not have to worry about losing material that is not stored on the actual computer for that time. Utilizing a resource such as the cloud can also enable an employee to access files without these files being physically present on the computer.

Encryption.

Encryption of data can be one of the strongest methods of security. Encrypting data translates it into an indecipherable code, rendering it inaccessible to unauthorized users. Unless you have access to the key, the data is secure. If your laptop is stolen and the data is un-encrypted, the data has already been compromised. If it is encrypted and there is a remote wipe command, you are in a far more protected position.

There are two types of data encryption. The first is a symmetric algorithm. Symmetric refers to the fact that the encryption and decryptions keys are identical. The same key used to translate data into code is the key used to translate it back into a readable format. In the other type of data encryption, asymmetric, the keys are separate but mathematically linked. One code is public and the other private, therefore enabling an extra level of security.

Screensaver/Password.

Password protected screensavers are a great way to protect your information from being altered or accessed by others. Having a screensaver that kicks on automatically within a few minutes of inactivity can be another wall of protection. The screensaver limits viewing of the information, and the password blocks intruders from logging back on once the screensaver is active. It is wise to have a password that is not easily guessed or hacked. Consider using a phrase, adding numbers and symbols throughout (not just as the last three characters), and never share it with others. A password protected computer is only as secure as the password is strong.

Wireless Hygiene.

In the current technological environment Wi-Fi feels like a necessity for people in every location, from the doctor’s waiting room to a restaurant or the airport. We seek online access constantly, but this does not mean that it is always a wise decision to work over a public wireless network. If you are not cautious you can expose your device to the wiles of hackers who can quickly access sensitive information that is stored on your device or online accounts. To secure your information over wireless networks, consider these tips.

First, ensure that the Wi-Fi network is legitimate to the host establishment. If there is more than one potential network listed, ask the establishment which one is secured through their organization. Once online, if you are accessing secure information make sure that the website address begins with “https.” The ‘s’ shows that the transmitted data will be encrypted. Finally, do not let your phone automatically connect to Wi-Fi. This will ensure that you are not connecting to unsecure wireless networks without your explicit permission. Ideally, when traveling you should only use known secure wireless networks. In some cases, it may be more secure to transmit sensitive information using your cellphone’s data plan rather than using a public Wi-Fi network, and in many cases, it is wise to save secure information transmission for the office.

Reporting Process.

It is possible that even with strong security measures, a device can be stolen or lost. It is therefore prudent to make sure there is a quick and straightforward process to report stolen or lost devices immediately. Ideally this process will trigger actions that wipe the remote device and start other recovery or lockdown activities.

Security is about being prepared for every step of a potential intrusion, hack, or theft. It requires thinking proactively about how to combat any breach that could threaten the information your firm stores. Please note that this is just an overview of some helpful security precautions and not at all a complete list of tools and tactics. There may also be required security compliance measures at your firm, therefore it is wise to review your company’s security protocols regularly. Strategic Treasurer can also help with our SecureTreasury training, aimed at educating employees on wise security practices. For more information click here.

Craig Jeffery

Managing Partner
Craig Jeffery formed Strategic Treasurer in 2004 to provide corporate, educational, and government entities direct access to comprehensive and current assistance with their treasury and financial process needs. His 25+ years of financial and treasury experience as a practitioner, banker and as a consultant have uniquely qualified him to help organizations craft realistic goals and achieve significant benefits quickly. He is responsible for overall relationship management and ensuring total client satisfaction on all projects.