Whether a company has five or 500 users, establishing best practices and policies for client devices is a critical first step in averting trouble.
Nowhere is this truer than in the context of security. Although the advent of mobile computing has forever changed the way companies conduct business, it has also created security challenges. To lock down mobile devices, consider putting these policies in place for users.
It’s easy to secure an iPad using the built-in Passcode feature to lock the device when a user powers it off or it goes into sleep mode. To access this setting, go to Settings > General > Passcode Lock and enter the desired code.
Not only will this make unauthorized access difficult, but this lock can also be configured to erase any sensitive data after 10 failed passcode entry attempts. This is a valuable tool to keep sensitive and personally identifiable data from falling into the wrong hands.
The Passcode feature is available on the iPhone as well, so consider making its use a standard operating procedure for all workers with these devices.
When workers leave the office with their notebooks, Internet filtering shouldn’t stay behind. Developers such as Blue Coat Systems offer stand-alone web-filtering programs that run as a service on local machines and use centrally managed policies on each user’s hard drive.
When the software detects that a computer is behind the corporate gateway device, it can be set to disable itself, letting the machine use the company network's Internet filtering. When the user takes the machine home, however, the local policy kicks in and protects the computer from accessing malicious or otherwise unapproved websites.
This approach not only furthers compliance but also blocks malware and third-party applications from downloading and compromising systems when they are outside of the corporate infrastructure’s immediate control.
Keeping Windows updates current on end-user clients may be the single most important step to protecting a corporate network from outside threats. Don’t rely on users to voluntarily install updates. Instead, deploy a Windows Server Update Services server that will act as a central repository for Windows and other application patches for company computers.
Additionally, use Group Policy to force clients to download updates from the server at set intervals. Not only will this take the guesswork out of keeping machines up to date, but it will eliminate bandwidth redundancy because virtually all update traffic will stay inside the LAN.
If an IT department supports teleworkers, the company should have a policy in place to ensure these remote users have both a hardware firewall and wireless encryption.
Don’t take for granted that an employee’s personal Internet service provider has taken care of this; a surprising number of broadband providers still deploy equipment that leases external IP addresses to connected machines.
Make it a corporate policy to require that new users and users switching ISPs check in with the tech support staff or the help desk when setting up home systems. A five-minute phone call is all it takes to determine whether a remote system poses a threat to the company’s network.
Outdated applications with gaping security holes pose some of the biggest security threats to mobile phone users. Updates become available regularly for Droid, iPhone on other platforms, and users need to download these as they arrive. These updates will fix known security vulnerabilities, and they frequently make apps more stable, creating a better overall end-user experience.