Contact Us
Name
Email
Comments

Blog

Adventure is out there! Considering the Mobile Workspace

Mobile devices (including laptops) are dominating the marketplace, and even some of your offices. These offer unsurpassed flexibility in how and where you work.  I remember one of my co-workers at a previous company was managing the entire Network team while he finished his last year of employment on a boat in Florida.  He had his laptop and was able to connect to company (and client) computers to do whatever he needed to do.  I have to say I was a bit jealous.

This flexibility enables companies to have a distributed workforce and meet many corporate and client objectives. Imagine being able to embed a staff member at one of your large client sites to provide real-time access and service for their screening needs.  Consider the benefit of applicants applying for jobs wherever they are on whatever device they have handy.  Sounds like Nirvana, doesn’t it?

It is not without risk, both as an individual and as a company.  Users frequently add “search helps” and other applications to their devices.   

  • Did you know that these often can capture information from your browser? 
     
  • Mobile users are frequently willing to connect to any WiFi they can find (who wants to pay for data usage). 
     
  • Did you know that these are insecure and subject to snooping by others?  They can capture every character of information that is being transmitted. 
     
  • If your employees work from mobile devices, are they saving attachments on their personal phone?  Are they securing this information?

None of this means we should not use mobile devices.  We must be aware and exercise care with our treatment of applicant PII.  We must educate our employees and even possibly applicants to the risk of unsecured networks or connections.  The good news is that your FRS sites use encryption, so their data is safe as they send it.

What are you doing to educate your users and to keep your systems safe? 

Tips (courtesy of SANS):

  • Turn on disk encryption (not explicitly tied to PIN/screen lock)
     
  • Use biometrics for unlocking your phone normally with a longer passcode (instead of a simpler 4-character PIN)
     
  • Evaluate and uninstall apps and plugins with excessive permissions
     
  • Install platform updates when they become available
     
  • Periodically erase your network settings to forget about old, insecure WiFi networks you don't use anymore


 

Mark Martens,Vice President - Technology and Operations

 

 

No comments have been posted

LEAVE A COMMENT