Whether it’s a smart phone, tablet or laptop, mobile devices have become the constant companions of today’s employees. And this relationship has only been further cemented by the COVID-19 pandemic, which has thousands working from home or other remote locations.
From a productivity standpoint, this is a good thing. So many tasks that once kept employees tied to their desks are now doable from anywhere on flexible schedules. All this convenience, however, brings considerable risk.
Perhaps the most obvious threat to any company-owned mobile device is theft. That could end a workday early, hamper productivity for days, and lead to considerable replacement hassles and expense. Indeed, given the current economy, thieves may be increasing their efforts to snatch easy-to-grab and easy-to-sell technological items.
Worse yet, a stolen or hacked mobile device means thieves and hackers could gain possession of sensitive, confidential data about your company, as well as its customers and employees.
Amateur criminals might look for credit card numbers to fraudulently buy goods and services. More sophisticated ones, however, may look for Social Security numbers or Employer Identification Numbers to commit identity theft.
5 protective measures
There are a variety of ways that businesses can reinforce protections of their mobile devices. Here are five to consider:
1. Standardize, standardize, standardize. Having a wide variety of makes and models increases risk. Moving toward a standard product and operating system will allow you to address security issues across the board rather than dealing with multiple makes and their varying security challenges.
2. Password protect. Make sure that employees use “power-on” passwords — those that appear whenever a unit is turned on or comes out of sleep mode. In addition, configure devices to require a power-on password after 15 minutes of inactivity and to block access after a specified number of unsuccessful log-in attempts. Require regular password changes, too.
3. Set rules for data. Don’t allow employees to store certain information, such as Social Security numbers, on their devices. If sensitive data must be transported, encrypt it. (That is, make the data unreadable using special coding.)
4. Keep it strictly business. Employees are often tempted to mix personal information with business data on their portable devices. Issue a company policy forbidding or severely limiting this practice. Moreover, establish access limits on networks and social media.
5. Fortify your defenses. Be sure your mobile devices have regularly and automatically updated security software to prevent unauthorized access, block spyware/adware and stop viruses. Consider retaining the right to execute a remote wipe of an asset’s memory if you believe it’s been stolen or hopelessly lost.
More than an object
When assessing the costs associated with a mobile device, remember that it’s not only the value of the physical item that matters, but also the importance and sensitivity of the data stored on it. We can help your business implement a cost-effective process for procuring and protecting all its technology.
© 2020 Covenant CPA
If you devote all your business’s security resources to fending off hackers and other cybercriminals, you may be unlocking the door, literally, to more basic types of theft. “Creepers” are criminals who gain access to offices or other physical facilities via unlocked doors and social engineering tactics. Once in, they steal proprietary information, inventory, computers and personal property, or gather information that makes it easier to hack your network.
Creepers in action
A major energy company’s Houston office was infiltrated by a creeper who’s believed to have stolen sensitive information, possibly to sell to a rival company or foreign government. Surveillance footage released by the FBI shows a man walking through an unlocked door in the middle of the night. He’s wearing office-appropriate clothing and moves confidently, like an employee who has a right to be there.
A Washington D.C. creeper also looked like she belonged where she didn’t. She walked into many supposedly secure government offices by chatting with employees outside the office, then following them through the door. When questioned, she claimed she’d left her badge at her desk.
In other cases, creepers use uniforms and props such as mops, toolboxes and clipboards to suggest they’re cleaners or that they work for building maintenance. They may wear stolen or forged ID badges, assuming that no one will examine them too closely.
To protect your business’s and its employees’ property, keep all doors locked, even during work hours. Issue keycards and photo-ID badges to workers and instruct them to be on the lookout for possible intruders. They shouldn’t automatically assume, for example, that someone wearing coveralls and carrying a ladder is authorized to be there. And they shouldn’t unlock the door for anyone — even if that person seems like an employee — unless they know for certain he or she is.
If workers are uncomfortable approaching a possible intruder, they should immediately report the person to your office manager, HR director or building security. The stranger in question may well be an authorized visitor, but it’s better to be safe than sorry. Also ask employees to report the presence of former employees, who sometimes are recruited to carry out corporate espionage.
Even if you don’t keep high-value inventory or electronics on the premises, install security cameras. And instruct employees to lock up purses and wallets and to password-protect computers whenever they leave their workspaces — even if it’s only for a few minutes.
Virtual vs. physical threats
Obviously, IT security must remain a priority for all organizations. But don’t let virtual threats blind you to the need to protect against physical ones. Contact us for help preventing fraud and other forms of theft.
© 2019 Covenant CPA