More individuals complete their work remotely now than ever before. With this shift, the importance of remaining vigilant about cybersecurity has increased greatly. In order to protect both corporate data and personal information, organizations should create and implement cybersecurity policies for their team members. The following shares Thompson Reuter’s security recommendations for keeping data secure while utilizing phones and laptops.
Passwords provide the fist line of defense in keeping private data on laptops and phones safe. An organization can improve security by requiring team members to use strong passwords that they change on a regular basis. Because most applications and many websites require passwords, using a password management program can help prevent employees from using the same password for multiple applications.
Other best practices for passwords include:
- Passwords should be at least six characters, preferably a combination of letters, numbers, and a symbol (such as a $ or #). At least one character should be in uppercase.
- Passwords should not be obvious. For example, if the username is the last name, the password should not be the person’s first name.
- Periodically (every 3-6 months), the system should automatically request that the user reset the password.
- Passwords should not be reused within an 18-month period.
- Users should be locked out after three consecutive failed login attempts.
- Passwords should not be stored in an obvious location, such as on a note on an employee’s desk.
- Passwords should not be shared.
Safeguards Specific to Mobile Phones
Cellphones provide convenience and almost constant access to work-related applications. In particular, employees frequently access work email on their personal phones. Work-related email can contain confidential information. Therefore, as mentioned above, passwords take priority. Organizations should implement a password policy requiring team members use a password-protected phone if they will access work email on a personal mobile device.
Companies can further protect data by requiring encryption on personnel phones. Additionally, if organizations wish to secure phones against data loss in the event of loss or theft, they can install software that allows the employer to remotely wipe confidential data. When organizations implement the right precautions, cellphones can help increase productivity and keep employees engaged with work no matter their locations.
Safeguards Specific to Laptop Computers
Most employees use laptops supplied by their organization when working remotely. These devices have an increased risk of theft or loss due to their mobility. Therefore, management’s security policies should include direction on how to protect the sensitive information on this easily transferred equipment. We suggest the following recommendations to secure both the devices and the information stored within them:
- Prohibit personnel from leaving laptops in unsecured areas (even locked cars), or leaving laptops unattended (at client offices or airports, etc.).
- Employ encryption technology to secure data on laptop drives.
- Have your information technology department examine shared laptops after personnel use to ensure removal of forgotten data files to prevent inadvertent sharing of sensitive data.
- Ensure all laptops have been loaded with firewall, antivirus, and spyware protection, and malware protection software.
- Implement security standards on personal phones used for business.
The need to keep your data safe will only increase as our world continues to go digital, so make sure to take the steps needed to protect your organization. If you would like to see where your organization can improve cybersecurity practices, take a free self-diagnostic on our website or schedule a time to meet with one of our cybersecurity advisors.