Date post: | 15-Jan-2015 |
Category: |
Business |
Upload: | rogers-communications |
View: | 280 times |
Download: | 0 times |
2A GUIDE TO SECURING YOUR BUSINESS
Securingyour mobile success
it’s time to sToP thinking about security as a reason to say ‘no’ and sTArT thinking about it as a reason to say ‘yes’.
Advances in technology and mobility come at
us fast and furiously. successful businesses will
embrace the technologies that spur growth but
also remain aware of potential risks and have a
plan to deal with them.
it starts with understanding the many available
security features and tools on the market. This will
help you make better decisions about the wireless
technologies that are best for your business.
in this guide you’ll find 15 practical tips,
suggestions and ideas you can implement right
now to help secure your business. if you want to
dig deeper, we offer links to many other sources of
inspiration.
Dive in now for ideas on how to securely harness
the power of mobility.
3A GUIDE TO SECURING YOUR BUSINESS
15 wAysTo secure your business
what’s your organization’s mobile security iQ? 1. »
Get educated: learn from other businesses 2. »
Kickstart a new iT risk Attitude 3. »
Practical Business security advice
Discover built-in blackberry Defenses 4. »
beyond Pass-code lock: Keeping your iPhone and Data safe 5. »
is Android secure enough for business?6. »
master mobile Device management 7. »
securing Personal Devices at work 8. »
Do you Know where Those Apps Go? 9. »
Hit the road Jack: mobile computing made safe 10. »
shut out Hackers: secure your wireless wi-Fi network 11. »
make network Downtime a Thing of the Past 12. »
device, aPP & network tiPs
securing the cloud 13. »
i spy: monitoring your business from Afar 14. »
Protecting against emerging Threats 15. »
emerging technology tiPs
4A GUIDE TO SECURING YOUR BUSINESS
What’s Your Organization’s Mobile Security iQ?How does your business rank when it comes to proactive security?
1Why It matters
Assessing the security risk of the technology, processes and people
that support your business is the first step in securing your business.
self assessment tools, like the ones to the right, are easy, fast and
typically free. so why not start now?
What It Can Do For your BusIness
Help you evaluate where your business stands and give you ideas •on how to mitigate future risk.
identify the greatest risks to your business and prioritize which to •tackle first.
create a “wake-up call” for your leadership team on risks and priorities.•
3 thInGs you Can Do noW
Take the quiz.1. no matter what your score, you’ll find opportunity for improvement or reinforcement of what to keep doing.
Share the results with your staff2. to educate them on risks.
Build awareness with your leadership team.3. share your scores, including how you fared on existing security measures, to help get buy-in for future security proposals.
don’t assume your Business is secure. Find out For sure.
identify security risks and monitor your ability to respond to threats in your computing environment with Microsoft’s Security Assessment Tool.
Find out how well your business is protecting personal information and how compliant you are with mandatory regulations with this self assessment tool from the office of the Privacy commissioner of canada.
5A GUIDE TO SECURING YOUR BUSINESS
get educated: Learn from Other BusinessesWhat are successful companies doing to protect their business?
2Why It matters
smart companies are becoming more proactive about security, deploying
security processes and security tools to protect their business and gain a
competitive edge. learn from them in the latest security research.
What It Can Do For your BusIness
Fuel change – security best practices from other businesses can •help motivate your leadership team to act now.
Keep you focused on what matters – figure out where to focus •your efforts and how to prioritize security initiatives.
secure your business faster with practical ideas from companies •
like yours.
3 thInGs you Can Do noW
read free annual security reports –1. Take a look back at the past year and ahead to the threats we can expect. Access a full list of free reports from security companies, publishing organizations and iT research businesses here.
Subscribe to free ongoing security news e-blasts or blog posts –2. stay on top of the latest threats with expert advice from iT publishing companies like iT world canada, Tech republic or cneT.
Be part of the conversation –3. security is a hot topic. now is the time to reach out to your network of tech colleagues or attend a mobile tech security event for advice.
get security survey highlights and Practical moBile advice.
Get highlights from the 2010 cio security survey and practical mobile security tips with this webinar from iT world canada.
read this white paper for a realistic vision of how mobile security needs to be considered to help businesses grow
Deep dive into security best practices with the 2012 Global state of information security survey® from Price waterhouse coopers.
6A GUIDE TO SECURING YOUR BUSINESS
Kickstart a new iT risk AttitudeYour employees: responsible risk takers or data daredevils?3
Why It matters
Human error is the primary cause for security breaches in business
today, yet most organizations provide little on-going security
education to non-iT staff. with the rest of the company thinking
risk and security is iT’s responsibility, it’s wise to consider making risk
management everyone’s job.
What It Can Do For your BusIness
significantly increase the level of security in your business.•
build a culture of security and responsibility. •
Help your business be more proactive in new technology decisions.•
3 thInGs you Can Do noW
Make all employees risk managers.1. Add accountability for risk management to performance goals for everyone across the company.
Build a comprehensive communication plan 2. that teaches employees about emerging threats, security policies, and best practices.
commit to ongoing risk management training.3. The lack of end-user training is a growing threat to iT security.
Bring risk management out oF the it dePartment and into everyone’s joB.
Find out how to make risk management more personal in your business with this blog post.
learn about what global iT managers and cios are doing to better mitigate risk with this Global risk study from ibm.
want more?
Get tips on how to help employees understand data risk management here »
7A GUIDE TO SECURING YOUR BUSINESS
Discover Built-in BlackBerry DefensesYour BlackBerry smartphone is a security powerhouse. Are you harnessing its power for good?
4Why It matters
over the last decade, rim has built a sound reputation on the strength
of its security features. This has much to do with business enterprise
(bes) software. but even the best software doesn’t protect against
uninformed or negligent blackberry®
users. implementing a few quick
and easy safeguards can go a long way in securing your devices and
the information on them.
What It Can Do For your BusIness
Protect against unwanted applications and malware.•
manage multiple devices on rim’s stable and secure •operating system.
Protect your sensitive data no matter how it’s accessed. •
3 thInGs you Can Do noW
Set a password policy 1. with a minimum length of 5 characters and a maximum of 10 password tries before automatic device self wipe. click here to find out how to add a password to your smartphones.
encrypt data 2. stored on your device and/or your microsD media card in four simple steps. click here to find out how.
Wipe devices3. before they are passed on to another employee. Go to the options menu on the device, select security, then security wipe. it will ask you to type in BlackBerry to complete the wipe.
get BlackBerry security tiPs and tricks straight From the Pros.
check out this webinar to find out more about blackberry® built-in security tools.
want more?
check out the blackberry® security knowledge base for a wealth of information on all aspects of security for blackberry® devices.
Get 5 tips from cio.com to keep your blackberry® smartphone safe here.
8A GUIDE TO SECURING YOUR BUSINESS
Beyond Pass-code Lock: Keeping Your iPhone and Data SafeHave you thought beyond the basics?5
Why It matters
Apple has polished the business features of its operating system with
security that stretches well beyond pass-code locks. From exchange and
remote wipe support, security and configuration to VPn options and
encryption, Apple users can now keep their iPhones® and the data they
access safe.
What It Can Do For your BusIness
Provide a layered approach to keeping your information secure •with device policies, restrictions and encryption.
Protect all data stored on devices with hardware encryption.•
clear data and settings remotely in the event of loss or theft.•
3 thInGs you Can Do noW
Manage iPhone1. ® through a central console. set up accounts, set restrictions, and configure devices quickly and remotely using a third-party console for mobile device management. click here to find out how.
Set up VPn access and teach your employees how to turn it on, 2. so you can communicate private information securely over a public network. Get help on setting up VPn here.
get a security app.3. security apps can add another layer of protection for business, from biometric security apps that authenticate users with the touch of a finger, to alarms that protect your device from theft or loss.
learn how to keeP inFormation secure on Business iPhones.
want more?
Get more security tips on how to secure your data from Apple here.
Hear what Apple has to say about iPhone® security in this on-demand webinar.
Get informed: everything you want to know about Apple’s security features for iPhone® here.
9A GUIDE TO SECURING YOUR BUSINESS
is Android Secure enough for Business?Did you know the latest Android devices are packed with better security features?
6Why It matters
why should you care about Android™? employees are increasingly opting to
bring their personal devices to work. Android™, Google’s operating system that
powers many of the world’s smartphones, gives you the ability to manage and
secure a good portion of these devices from one simple operating system.
What It Can Do For your BusIness
better control over personal and business mobile devices at work.•
Access to a universe of third-party security solution providers who •can quickly custom build secure apps for your business on Android’s open platform.
set-up, configure and perform frequent security updates with •
relatively little effort using auto-discovery features.
3 thInGs you Can Do noW
Stop saying ‘no’ to personal devices. 1. The last thing you want is a rogue experience at your company. An informed iT department is the best way to ensure your business is secure. Get advice on how to manage personal devices at work here.
Adopt mobile device management (MDM). 2. This is a critical part of managing the plethora of Android™ devices, so take the time to chose features wisely. Get mDm advice here.
use google apps to manage Android security policies.3. Google Apps Device Policy Administration can help you enforce policies and remotely wipe lost or stolen devices.
get Better control and security over Personal and Business devices.
want more?
learn 6 ways to protect your Google phone here.
check out this essential guide to Android™ at work for business users here.
Get 10 tips to turn Android™ into a business phone here.
Get security advice straight from Android™ in this on-demand webinar webinar here.
Get informed: 5 things you should know about Android™ for business.
10A GUIDE TO SECURING YOUR BUSINESS
Master Mobile Device ManagementAre you managing mobile technology on the fly?7
Why It matters
many businesses have a myriad of devices and operating systems accessing
company data. How prepared are you to manage yours? mobile device
management (mDm) tools are quickly becoming a must-have. not only can
they help centralize the control, security and costs of these devices, but they
can also minimize the time spent on maintenance.
What It Can Do For your BusIness
manage assets, inventory management, software licenses, security •controls, and more.
Quickly authenticate your staff, regardless of their device.•
speed up device and software deployment and reduce downtime by •
diagnosing and fixing problems remotely.
3 thInGs you Can Do noW
Prioritize mobile device security and management needs. 1. Figure 6, page 7 of Juniper’s whitepaper has a great list to get you started.
choose an integrated MDM solution instead of many individual 2. tools. ideally it should integrate with network access controls, support all popular devices and cover the full life cycle of devices. check out these mDm players: Juniper, mobileiron and Trellia.
Mean what you say: enforce policy.3. monitor device usage, limiting or removing privileges where necessary, and blocking insecure sites or networks.
centralize your control. minimize the risk.
Find out how mobile device management can benefit your business with this white paper from Juniper and enterprise strategy Group.
This e-book is chock full of juicy discussions on the latest trends in mobility. Topics covered include mobile device management and app development. skip to page 70 for specific advice on device management tools.
11A GUIDE TO SECURING YOUR BUSINESS
Securing Personal Devices at Workis it time for a Bring Your Own Device (BYOD) policy for your business?8
Why It matters
Today’s workers are bringing their own personal smartphones, tablets and
laptops to the office for both personal and professional use. many businesses
have accepted this reality and are creating strategies that offer employees more
freedom in exchange for a higher level of personal accountability.
What It Can Do For your BusIness
Keep employees happy and productive while reducing cost of •ownership for devices.
support telecommuters and create a more flexible work •environment
reduce unauthorized access to company data from staff-owned devices.•
3 thInGs you Can Do noW
Set clear expectations and policies. 1. be clear about which personal mobile devices are allowed in the workplace and how you expect staff to keep these devices safe (managing passwords, using only sanctioned apps etc.).
invest in a 2. mobile device management solution. retain control and visibility over all devices from a central platform, installing software that creates walls between corporate and personal data and enables data blocking or wiping.
revisit reimbursed policies.3. some companies are moving to a shared-responsibility model, implementing optional byoD policies and supporting them with grants, stipends, and loans.
give your team the tools they need to securely access corPorate data From Personal smartPhones or taBlets.
want more?
Get tips from unisys on developing a byoD policy here.
7 questions you should answer before you implement byoD at your company. sybase.
see how smart companies are letting employees use their personal gadgets to do their jobs. wall street Journal.
Find out how your business can capitalize on byoD in this webcast and white paper from unisys.
12A GUIDE TO SECURING YOUR BUSINESS
Do You Know Where Those Apps go?got the latest must-have business app? How do you stop it from accessing off-limit data?
9Why It matters
Apps can pack a lot of power into your pocket. before inviting them in, make
sure you know the full capabilities of these programs, including the amount
of information they take from your employees’ devices. including apps as part
of your regular mobile security check can help keep your business safe.
What It Can Do For your BusIness
Prevent staff from unintentionally exposing your network and •devices to viruses and hackers.
limit the downloading of malicious, pirated or repackaged •applications from unofficial websites.
ensure that apps on business-used devices are not accessing •
sensitive business data without your permission or knowledge.
3 thInGs you Can Do noW
Say ‘no’ to app permissions. 1. Did you know nearly one third of apps in major apps stores access users’ locations? And an increasing number also access contacts? make sure users know when to say ‘no’ to apps that are requesting this kind of information access.
create a pool of approved apps. 2. Define app download policies and make sure users only download (and update) approved software.
use application access control software.3. not all apps are what they seem. These tools look at how your device is behaving and, if it sees something suspicious, quarantines and even remote wipes it.
make sure to include aPPs as Part oF your regular moBile security check.
Find out how mobile apps access personal data and explore security with this report from Lookout Security.
watch this video from No Panic Computing to learn how to change Facebook privacy settings to stop it from accessing employee information.
13A GUIDE TO SECURING YOUR BUSINESS
Hit the road Jack: Mobile computing Made SafeA few simple changes to the way you use mobile computers can go a long way in protecting your business.
10Why It matters
your business is contained on your employees’ laptops, notebooks and
tablets, yet the increasing complexity of technology, connectivity, security
and confidentiality creates unprecedented risk. whenever sensitive
data is stored outside firewalls or accessed through wi-Fi and remote
networks, it’s smart to take added security measures to minimize risk.
What It Can Do For your BusIness
Help employees work safely from home or on the road.•
Protect your business from theft of intellectual property or •valuable devices.
limit access to important data to the intended user.•
3 thInGs you Can Do noW
Save or backup documents to a shared network drive or the 1. cloud, not a hard drive. Protect important files from computer crashes and laptop losses.
encrypt Microsoft Word2. ®
docs. encrypting a document is as simple as right clicking and selecting “encrypt”. why not enforce encryption?
Advise employees of simple do’s and don’ts.3. Don’t leave it in a car, do carry it in a backpack, don’t fall for common phishing scams.
Protect your moBile devices and the inFormation they access From theFt.
Get tips on how to make mobile computing safe in this on-demand webcast.
mobile Computing Video tips from no Panic Computing
Tip 1: learn how biometrics, passwords and encryption can protect your laptops and tablets here.
Tip 2: learn how to identify phishing scams with this video from No Panic Computing here.
Tip 3: learn how to avoid a common security threat for windows XP here.
14A GUIDE TO SECURING YOUR BUSINESS
Shut Out Hackers: Secure Your Wireless networkAre you underestimating the security of your Wi-Fi network? 11
Why It matters
To protect your business, it’s important to keep outsiders from accessing
your wi-Fi network. Don’t hold off on protecting your network; hackers are
increasingly focusing on small- and medium-sized businesses. Fortunately, there
are simple, low-effort things you can do now to improve network security.
What It Can Do For your BusIness
Protect your network from disruption, which can jeopardize •confidential customer data, interfere with supply chain activities and result in lost revenue.
Keep your business compliant with canadian privacy regulations •such as PiPeDA.
Give your mobile staff a secure way to access your network from public •
hotspots when travelling.
3 thInGs you Can Do noW
change wireless router default settings and stop 1. broadcasting your network iD. click here to find out how.
Minimize signal leakage. 2. move your router to the middle of the office and turn it off if not in use for long periods of time.
invest in a virtual private network (VPn) 3. so that mobile workers can securely connect to your network from public wi-Fi hotspots while on the road. click here for more information on VPn
hackers love to Penetrate networks. make sure yours is secure.
want more?
click here for a quick lesson on wi-Fi security with this free online class from Hewlett-Packard.
learn from cisco in this video: what are bots, Viruses, malware, spyware?
7 considerations for your wireless network for you to think about, courtesy of Focus research.
Get quick tips on working wirelessly, both in and out of the office.
15A GUIDE TO SECURING YOUR BUSINESS
Make network Downtime a Thing of the PastHow much revenue do you lose during internet outages? What’s the impact to your reputation if your POS system goes down?
12Why It matters
Downtime for critical systems can mean huge revenue and productivity
losses and impact your reputation. it pays to have a back-up plan when
your primary access to the internet goes down. wireless technology can
help keep your business up and running.
What It Can Do For your BusIness
ensure continuous up-time for transactions, communications, •enterprise applications and other critical systems.
Keep your business running during disease outbreaks, inclement •weather, or natural disasters.
Protect your reputation, customer confidence and employee morale.•
3 thInGs you Can Do noW
identify mission critical systems. 1. understanding which systems require 100% uptime is the first step in building a back-up plan.
Find out how much network downtime is really costing your 2. business. self assessment tools can help you quantify how much downtime is costing your business so you can build the business case for a back-up network access solution.
choose a back-up solution that includes network and carrier 3. diversity. backing up a main wireline connection with wireless network access from another carrier significantly reduces your vulnerability.
keeP your Business uP and running when your Primary network goes down.
How much is network downtime costing your business? Find out with our Point of sale roi calculator and see how much you save with a secure wireless back up plan in place.
Find out how blinds To Go addressed their need for a failover solution for their Pos systems.
see how critical network Access can help your business
16A GUIDE TO SECURING YOUR BUSINESS
Securing the cloudAre you considering putting services in the cloud?13
think aBout how to Protect your data BeFore you move it to the cloud.
Why It matters
cloud computing delivers on-demand, scalable resources accessible
from just about anywhere, through the internet. before moving aspects
of your business to the cloud, it’s a good idea to think about how to
keep your data secure once it’s there.
What It Can Do For your BusIness
Access the latest technology to stay agile and able to adapt to •changing business environments and security threats.
Deliver on-demand self-service to employees without the risk.•
expand what your company does and who you collaborate with.•
3 thInGs you Can Do noW
classify data based on how critical it is to your business. 1. before you decide what data to move to the cloud, consider your risk tolerance and legal or compliance responsibilities.
Perform due diligence when choosing cloud suppliers. 2. Get references. research their audit process. negotiate a strong service level agreement (slA) that covers roles and responsibilities, data storage and disposal, and disaster recovery plans.
Know where your data is living.3. if your cloud provider is not based in your country or province, the servers that store your data may be subject to the laws of another country. This could make your business noncompliant with local regulatory requirements or expose information to authorities in other jurisdictions.
check out this iT world canada white paper which examines canadian companies and who is moving to the cloud – as well as when and why.
Get insights from Price waterhouse coopers on different cloud models and how to secure them in this white paper.
check out this webcast from www.techrepublic.com which covers the primary considerations to protect your most precious assets in the cloud.
17A GUIDE TO SECURING YOUR BUSINESS
i Spy: Monitoring Your Business from AfarM2M: How machines can help you keep an eye on your business.14
remotely monitor and Protect staFF, Fleets and assets with wirelessly connected machines.
Why It matters
you’ve probably heard the term machine-to-machine (m2m) being tossed
around with increasing frequency over the last year or two. These services
let you remotely monitor and protect your fleet, assets and staff from your
smartphone or tablet, using wirelessly connected devices.
What It Can Do For your BusIness
secure multiple warehouses, sites, vehicles, buildings or stores.•
reduce theft: know where your inventory, freight and assets are •at all times.
Keep remote workers safe and connected to security response teams.•
3 thInGs you Can Do noW
connect your on-premise surveillance cameras to a mobile app 1. to monitor you business from anywhere. see how Pita Pit used video surveillance to reduce shrinkage here.
install fleet tracking systems in your vehicles to better track 2. your valuable assets. see how Highway Technical engineering services monitors its fleet and keeps mobile workers safe here.
Provide connected devices to field workers in hazardous 3. conditions to monitor their safety. check out vendors like blackline GPs, Tsunami solutions and mentor engineering.
see how Highway Technical engineering services monitors its fleet and keeps mobile workers safe.
explore how m2m can help you remotely monitor and secure your business.
Find out how Pita Pit used video surveillance to address an outbreak of inventory and cashier-related shrinkage at their stores.
18A GUIDE TO SECURING YOUR BUSINESS
Protecting Against emerging ThreatsWhat impact do social media networks, online games or software have on security?15
Why It matters
Although mobile malware is still in its early days, it’s smart to be aware of emerging threats and the ways to defend against them. look ahead, keep informed and protect against the leaking of sensitive information to the public by employees. Prevent external scams delivered through social
media sites or repackaged games or software.
What It Can Do For your BusIness
Keep employees alert and prepared for the latest threats and •educated on acceptable behaviour.
Keep networks and business devices safe from the latest •cybercriminal threats.
increase the confidence of your customers, partners and staff •
in the security of their data.
3 thInGs you Can Do noW
create a policy to set expectations for social media users. 1. with social media malware on the rise, shaping user behaviour and increasing governance for social network use is a smart choice.
install anti-malware software regularly. 2. with the increasing speed of malware changes and distribution, it’s important to make sure anti-malware software on all business mobile devices is updated regularly.
consider data loss prevention tools. 3. Prevent inadvertent or intentional exposure of sensitive business information by identifying critical content then tracking and blocking it from being moved.
keeP in mind that emerging threats can From Both within and outside oF your organization.
want more?
learn about the social media sites, and hear what small and medium sized businesses are doing to protect against emerging threats here.
learn about emerging threats and how they are impacting businesses here.
Get a view of what’s hitting the top 5 cybercrimes and scams today here.
Get informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam here.
19A GUIDE TO SECURING YOUR BUSINESS
Are YOu reADY?
STOP worrying. STArT now.
security should be a source of positive motivation, because good security is key to winning your
customer’s trust. This guide is filled with common sense (but often overlooked) things you can start
doing today.
stop worrying. mobile devices actually have many built-in security advantages over their desktop
predecessors. And, as seen in this guide, there are many available device features that can simply be
turned on, or resources that can be accessed for free.
so don’t delay. Try putting one new security idea into action today, or pick a few and build them into
your security plan.
references to third-party advice and websites are made for your information only. ™rogers, rocket & mobius Design plus and related brands marks and logos are trade-marks of or used under license from rogers communications inc. or an affiliate. blackberry®, rim and related names and logos are the property of research in motion limited and are registered and/or used in the u.s. and countries around the world, used under license from research in motion limited. All other brand names are trade-marks of their respective owners. ©2011 rogers communications
For more information on mobile security, or other communications challenges for business, email us now, or visit www.rogersbizresources.com.