How to Protect Laptops for a Mobile Workforce
There are more people working offsite than ever before. With a growing mobile workforce, the concrete walls, CCTV cameras, and turnstiles that require ID badges to get in no longer protect the computers that were once inside. Those computers are now scattered throughout the world in homes, apartments, coffee shops, airports, buses, and more. Our users need new defenses to protect company data, regardless of where employees are working from.
Lock laptop when users are away.
End users may pay less attention to computer security away from the eyes of managers and colleagues. At home or elsewhere, there’s no one to remind them to keep their computers locked when they leave. The chance of a laptop being stolen is also significantly higher outside of the workplace. IT admins need to ensure that even if laptops are lost or stolen, the data within is still secure and inaccessible to unauthorized users.
Sniffing and snooping everywhere.
One of the benefits of working in a secure office building is that it’s very difficult for criminals to get within physical reach of our computers (since they’re safe behind walls and security cameras). This makes physical theft and short-range sniffing attacks more difficult. But when half the workforce is working offsite, criminals can finally have their chance with techniques such as local sniffing attacks.
Also, computers are no longer behind closed walls at the office. Any number of bystanders could be passing by the open screens of your employees’ laptops in public places. Employees could be connecting to unsecured public Wi-Fi networks and manually entering passwords. There could be any number of criminals, opportunists, or careless actors shoulder surfing or attempting social engineering for MitM attacks.
How to secure offsite computers.
- Lock the computer automatically when users leave their laptops. Most teams use a timeout policy to lock their computers after a few minutes. But long timeout policies in public areas could be the death knell for the entire cyber security defense plan.
- Use an enterprise password manager. This will prevent end users from using weak passwords and having poor password security habits (like writing them down and leaving them on the table for any passersby to see!). Also, enterprise password managers allow IT admins to centrally control credentials, permissions, and user identity.
- Provision passwords instantly, not piecemeal. Passwords need management, just like people. But most people aren’t interested in managing a jumble of random characters forced on them. If IT managers want passwords properly managed, first, start the whole process off right. Don’t onboard an employee by sending them an email with all their accounts’ passwords and usernames listed – that’s a bad move. Instead, have a system in place to securely give them access to their necessary accounts without a logistical nightmare. Then, when an employee leaves, their passwords can be easily deprovisioned by disabling a single account, rather than potentially 100.
- Enforce 2FA! It’s not that hard – two factors of authentication are better than one! 2FA is double the security! So, don’t let users choose to use 2FA, deploy it and ensure that it’s mandatory at as many levels as possible. Depending on the solution, this can be tedious, but security is too important. But there are solutions that offer an excellent balance between security and easy user access.
- Encrypt emails and messages. You may think you’re secure, but many cyber attacks, like sniffing, will give the victim a false sense of security so that they will go about their day while the malicious actors “sniff” on. Layer up as much security as you can, wherever you can.
- Use a privacy screen protector. It’s important to make sure that while logged in, bystanders aren’t able to shoulder surf your screen. Imagine you have a confidential earnings report on your screen and the people behind you can see the data. You never know who’s looking.
- Use an active cyber monitoring solution. IT admins must proactively be on the lookout for anomalies. Is someone logging in from another country? Is there someone constantly trying to log in to their account? Vigilant network admins must constantly test the security endpoints and flow of data to search for vulnerabilities.
- Avoid connecting to public Wi-Fi without a VPN! Public Wi-Fi networks have not been vetted by your company. It could easily be a trap by hackers just waiting for you to connect. You could be the victim of a sniffing attack or man-in-the-middle attack.
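
The two questions in the monitoring item above (a login from another country, someone constantly trying to log in) can be written as a small detection pass over authentication events. This is an added example, not part of the original article; the event format, the per-user country baseline, the thresholds and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, source country, success)
EVENTS = [
    ("2024-03-04T08:58:00", "alice", "US", True),
    ("2024-03-04T09:01:00", "bob", "US", False),
    ("2024-03-04T09:02:00", "bob", "US", False),
    ("2024-03-04T09:03:00", "bob", "US", False),
    ("2024-03-04T09:04:00", "bob", "US", False),
    ("2024-03-04T09:05:00", "bob", "US", False),
    ("2024-03-04T13:30:00", "alice", "RO", True),
    ("2024-03-04T17:00:00", "bob", "US", False),
]

# Assumed baseline: countries each user normally works from.
BASELINE = {"alice": {"US"}, "bob": {"US"}}
MAX_FAILURES = 5                  # assumed threshold
WINDOW = timedelta(minutes=10)    # assumed sliding window


def detect(events, baseline, max_failures=MAX_FAILURES, window=WINDOW):
    """Return alerts as (timestamp, user, rule, detail) tuples."""
    failures = defaultdict(list)  # user -> recent failed-login times
    alerts = []
    for ts, user, country, ok in sorted(events):
        when = datetime.fromisoformat(ts)
        if ok:
            # A successful login from outside the user's baseline is flagged.
            # A user with no baseline entry is flagged for any country.
            if country not in baseline.get(user, set()):
                alerts.append((ts, user, "new_country", country))
            failures[user].clear()  # a success resets the failure streak
            continue
        # Keep only failures still inside the sliding window.
        recent = [t for t in failures[user] if when - t <= window]
        recent.append(when)
        failures[user] = recent
        # Alert once, at the moment the threshold is reached.
        if len(recent) == max_failures:
            alerts.append((ts, user, "repeated_failures", str(len(recent))))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print(alert)
```

The baseline is deliberately not updated when an alert fires, so a login from an unexpected country keeps alerting until an admin reviews it and adds the country.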