Manage nomadism #CyberSecMonth
Reduce the risks of nomadism through data protection
The multiplication of business trips with ever more compact equipment can lead to loss or theft in public spaces. We can see that there are real security issues regarding the data stored on these mobile terminals.
Prevent risks related to the nomadic nature of equipment
Ensure the physical security of terminals:
It is important to make users aware of how easily this type of equipment can be lost so that they remain vigilant during their trips. Mobile terminals are prime targets for cyber attackers. They should look as ordinary as possible and carry no element referring to the organization or its environment.
Encrypt sensitive data:
It is essential to encrypt the data stored on mobile equipment (laptops, USB sticks, external hard drives, etc.) in order to keep this information confidential. Only a secret (such as a password, smart card, PIN code, biometric factor, etc.) should be used to decrypt the stored content. It is also possible to implement an encryption solution for partitions, archives and files. However, it is necessary to guarantee the uniqueness and robustness of the secret used for decryption. It is recommended, as a first step, to perform full disk encryption; archive or file encryption can be added later, since it does not meet the same need.
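One way to check the full disk encryption recommendation on a Linux laptop, as an added example that is not part of the original article: it assumes dm-crypt/LUKS and the JSON output of `lsblk`, and the sample device tree and the function name `unencrypted_mounts` are constructed for illustration. Self-encrypting drives and filesystem-level encryption are outside what this check can see.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT,RM` on a laptop
# with a LUKS-encrypted root, plain (unencrypted) swap and an unencrypted USB stick.
SAMPLE_LSBLK = json.dumps({"blockdevices": [
    {"name": "nvme0n1", "type": "disk", "fstype": None, "mountpoint": None, "rm": False,
     "children": [
        {"name": "nvme0n1p1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi", "rm": False},
        {"name": "nvme0n1p2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": None, "rm": False,
         "children": [{"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/", "rm": False}]},
        {"name": "nvme0n1p3", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]", "rm": False},
     ]},
    {"name": "sda", "type": "disk", "fstype": None, "mountpoint": None, "rm": True,
     "children": [{"name": "sda1", "type": "part", "fstype": "exfat", "mountpoint": "/media/usb", "rm": True}]},
]})

BOOT_MOUNTS = {"/boot", "/boot/efi", "/efi"}  # must stay readable by firmware/bootloader


def unencrypted_mounts(lsblk_json, allowed=BOOT_MOUNTS):
    """Return (device, mountpoint, removable) for each mounted filesystem not under dm-crypt."""
    findings = []

    def walk(node, under_crypt):
        # A "crypt" node is an opened dm-crypt mapping; everything below it is encrypted at rest.
        under_crypt = under_crypt or node.get("type") == "crypt"
        # Newer lsblk emits "mountpoints" (a list); older versions a single "mountpoint".
        mounts = node.get("mountpoints") or [node.get("mountpoint")]
        for mnt in filter(None, mounts):
            if not under_crypt and mnt not in allowed:
                removable = node.get("rm") in (True, "1")  # bool or "1" depending on version
                findings.append((node["name"], mnt, removable))
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return findings


if __name__ == "__main__":
    for name, mnt, removable in unencrypted_mounts(SAMPLE_LSBLK):
        kind = "removable" if removable else "internal"
        print(f"UNENCRYPTED {kind} volume /dev/{name} mounted at {mnt}")
```

The unencrypted swap partition is reported alongside the USB stick because memory pages written to swap can contain the same sensitive data as the encrypted root.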
Guarantee the security of the network connection:
A user on a business trip may need to access the organization’s information system remotely. It is therefore necessary to secure the network connection from the Internet as much as possible. To do this, it is recommended to establish an IPsec VPN tunnel between the nomad workstation and an IPsec VPN gateway rather than establishing SSL/TLS VPN tunnels. This IPsec VPN tunnel must be established automatically, and the user must not be able to disable it, so that no traffic is transmitted outside the tunnel. For the specific authentication needs of captive portals, it is still possible to override the automatic connection by allowing a connection on demand. The user can be encouraged to use connection sharing on a trusted mobile phone.
Strengthen security policies:
It is important not to mix personal and professional uses on the same mobile device. The synchronization of professional and personal accounts (messaging, social networks, calendars) is to be avoided. Terminals provided by the organization that need to connect to the information system or contain professional and sensitive information must be secured. It is important to use a centralized mobile equipment management solution and to apply homogeneous security policies across devices (means of unlocking the terminal, limitation of the use of the application store, etc.).
Maintain the integrity of mobile devices with WAPT
As mentioned above, some terminals, such as laptops, are often used for travel. It may be more difficult for organizations to keep these terminals up to date. There are tools, such as WAPT, to automate IT asset management. It’s possible to quickly test, install, update and uninstall software and configurations across the entire fleet. Updating workstations corrects software vulnerabilities and, by extension, protects the entire network by preventing malware from infiltrating it.
With WAPT, it is the mobile workstation that establishes the connection with the WAPT server to download the various updates (via an Internet connection). The workstation also initiates the bidirectional websocket tunnel, which provides information feedback in the console and allows the mobile workstation to be managed remotely.
With WAPT, it’s possible to keep mobile workstations up to date. Once the user is connected to the network, the agent installed on the computer caches the updates; they are installed when the computer is shut down (or at another time depending on the configuration). Without even disturbing the user, WAPT makes it possible to keep mobile workstations up to date and ensure their compliance with the rest of the IT equipment. Don’t let the mobility of your employees hinder you in securing your fleet!
The Holiday Book for Digital Security is online!
As you may know if you follow the news of CyberSecMonth, ISSA France set out to develop an educational holiday book entitled “Les as du web” on the risks of digital technology, financed through crowdfunding, and we could not help but support such a good initiative. This booklet is intended for children from 7 to 11 years old but also for their parents. For the youngest, it is an opportunity to become aware and learn through exercises and games that are fun and educational. For parents, the booklet also provides real advice on how to use the web, smartphones, social networks or personal data. Following the successful financing of this campaign, ISSA France’s objective is to distribute this holiday booklet (1 million copies) on French motorways during the summer months. It was during CyberSecMonth, at the Security Tuesday on October 16, that we were able to discover the famous booklet thanks to its downloadable version in PDF format! We have thus been able to become “As du web” thanks to this express training that will delight both the youngest and the oldest.
What you shouldn’t have missed:
Who to follow during #CyberSecMonth?
📢 Only a few places are left at the #CLUSIF conference on methods for assessing the robustness of an #SI >>> Learn about #TestsdIntrusion #RedTeam #BugBounty
👉 Programme and registration: https://t.co/OfA9CtFpT8 #TousSecNum #cybersécurité #ECSM pic.twitter.com/sujyIcn9f7
— CLUSIF (@clusif) October 15, 2018
- How to secure access to your smartphone as securely as possible – CNIL
- Personal data breaches: 1st assessment after the implementation – CNIL
Find all our recommendations on Twitter and LinkedIn and on hashtag: #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.