Do you have security protection for mobile computing and working from home? Although sometimes absolutely necessary (e.g., during a global pandemic), they introduce different types of risks and threats to organizations.
Effective security protection controls need to be in place to protect these types of remote working scenarios, the associated business functions being performed, and the data involved. Mobile computing and working from home is the focus of pitfall #38 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
Usage restrictions, configuration requirements, connection requirements, and implementation guidance should be established for all organization- controlled mobile devices. The connection of mobile devices to your organization’s networks, systems, or applications should be authorized prior to connection. Full-device encryption or container-based encryption should be used to protect the confidentiality and integrity of information on mobile devices. Personnel should be required to report any lost or stolen mobile devices. Your organization should have the ability to wipe mobile devices remotely to remove all information if they are lost or stolen.
Users that work from home or remotely should be regularly reminded of the Security Protection Program controls that are in place to protect information and information systems. This is necessary whether users work remotely in perpetuity by design, or when required due to your organization’s response to local, state, national, or global events. All personnel should be required to comply. Security Program controls do not cease to exist due to unfavorable or otherwise new working conditions.
Particular attention should be given to mobile computing and work-at-home risks. It is great to have data at our fingertips regardless of our location, but one errant click of an email in a relaxed environment or one lapse of judgement that leaves a laptop on the passenger seat while going into a store or pharmacy for “five minutes” can result in a reportable incident.
To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon here). Or register for a demo of the ASCENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.