Manage nomadism #CyberSecMonth
The Holiday Book for Digital Security is online!
As you may know if you follow CyberSecMonth news, ISSA France was keen to develop an educational holiday book entitled “Les as du web” on the risks of digital technology, financed through crowdfunding, and we could not help but support such a good initiative. This booklet is intended for children from 7 to 11 years old but also for their parents. For the youngest, it is an opportunity to become aware and learn through exercises and games that are fun and educational. For parents, the booklet also provides real advice on how to use the web, smartphones, social networks or personal data. Following the successful financing of this campaign, ISSA France’s objective is to be able to distribute this holiday booklet (1 million copies) on French motorways during the summer months. It was during CyberSecMonth, at the Security Tuesday on October 16, that we were able to discover the famous booklet thanks to its downloadable version in PDF format! We have thus been able to become “As du web” thanks to this express training that will delight both the youngest and the oldest.
Reduce the risks of nomadism through data protection
The multiplication of business trips with ever more compact equipment can lead to loss or theft in public spaces. This raises real security issues for the data stored on these mobile terminals.
Prevent risks related to the nomadic nature of equipment
Ensure the physical security of terminals:
It is important to make users aware of the potential loss of this type of equipment so that they remain vigilant during their trips. Indeed, mobile terminals are privileged targets for cyber-attackers. Mobile terminals should look as ordinary as possible and carry no element referring to the organization or its environment.
Encrypt sensitive data:
It is essential to encrypt the data stored on mobile equipment (laptops, USB sticks, external hard drives, etc.) in order to keep this information confidential. Only a secret (such as a password, smart card, PIN code, biometric factor, etc.) should make it possible to decrypt the stored content. It is also possible to implement an encryption solution for partitions, archives and files. However, it is necessary to guarantee the uniqueness and robustness of the decryption secret used. It is recommended to start with full disk encryption; archive or file encryption can be added later, since it does not meet the same need.
Guarantee the security of the network connection:
A user on a business trip may need to access the organization’s information system remotely. It is therefore necessary to secure the network connection from the Internet as much as possible. To do this, it is recommended to establish an IPsec VPN tunnel between the nomad workstation and an IPsec VPN gateway rather than establishing SSL/TLS VPN tunnels. This IPsec VPN tunnel must be established automatically, and the user must not be able to disable it, to avoid the transmission of flows outside the tunnel. For the specific authentication needs of captive portals, it is still possible to override the automatic connection by allowing a connection on demand. The user can be encouraged to use connection sharing on a trusted mobile phone.
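One way to check the "no flows outside the tunnel" requirement on a Linux laptop, as an added example (not from the original article or from any product it mentions): it parses `ip -4 route show` output and reports routes that bypass the tunnel. The interface names, the gateway address 203.0.113.10 and both routing tables are constructed assumptions, and a route-based tunnel is assumed.

```python
import ipaddress

# Constructed samples of `ip -4 route show` output from a travelling laptop.
# Assumed names (not from the article): tunnel interface "ipsec0",
# VPN gateway 203.0.113.10, Wi-Fi interface "wlan0".
FULL_TUNNEL = """\
default dev ipsec0 scope link
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 dev ipsec0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
"""

def parse_routes(text):
    """Return (network, device, is_connected) for each usable route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line or a route without an output device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # typed routes such as "broadcast ..." are skipped
        dev = fields[fields.index("dev") + 1]
        routes.append((net, dev, "kernel" in fields))
    return routes

def audit(text, tunnel_dev, gateway):
    """List reasons why traffic could flow outside the tunnel."""
    gw = ipaddress.ip_network(gateway)
    default = ipaddress.ip_network("0.0.0.0/0")
    findings, default_in_tunnel = [], False
    for net, dev, connected in parse_routes(text):
        if dev == tunnel_dev:
            default_in_tunnel = default_in_tunnel or net == default
        elif net != gw and not connected:
            # Only the gateway host route and the connected subnet
            # are allowed to bypass the tunnel.
            findings.append(f"{net} leaves via {dev}")
    if not default_in_tunnel:
        findings.append(f"no default route through {tunnel_dev}")
    return findings

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit(table, "ipsec0", "203.0.113.10"))
```

With policy-based IPsec the tunnel does not appear in the routing table, so this check only applies to route-based setups.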
Strengthen security policies:
It is important not to mix personal and professional uses on the same mobile device. The synchronization of professional and personal accounts (messaging, social networks, calendars) is to be avoided. Terminals provided by the organization that need to connect to the information system or contain professional and sensitive information must be secured. It is important to use a centralized mobile equipment management solution and to apply homogeneous security policies with it (means of unlocking the terminal, limitation of the use of the application store, etc.).
Maintain the integrity of mobile devices with WAPT
As mentioned above, some terminals, such as laptops, are often used for travel. It may be more difficult for organizations to keep these terminals up to date. There are tools, such as WAPT, to automate IT asset management. It is possible to quickly test, install, update and uninstall software and configurations across the entire fleet. Updating workstations corrects software vulnerabilities and, by extension, protects the entire network by preventing malware from infiltrating it.
With WAPT, it is the mobile workstation that establishes the connection with the WAPT server to download the various updates (via an Internet connection). The workstation also initiates the bidirectional WebSocket tunnel, which provides information feedback in the console and allows the mobile workstation to be managed remotely.
With WAPT, it’s possible to keep mobile workstations up to date. Indeed, once the user is connected to the network, the agent installed on the computer caches the updates, which are installed when the computer is shut down (or at another time depending on the configuration). Without even disturbing the user, WAPT makes it possible to keep mobile workstations up to date and ensure their compliance with the rest of the IT equipment. Don’t let the mobility of your employees hinder you in securing your fleet!
What you shouldn’t have missed:
Who to follow during #CyberSecMonth?
📢 Only a few places are left at the #CLUSIF conference on methods for assessing the robustness of an #SI >>> Learn about #TestsdIntrusion #RedTeam #BugBounty
👉 Programme and registration: https://t.co/OfA9CtFpT8 #TousSecNum #cybersécurité #ECSM pic.twitter.com/sujyIcn9f7
— CLUSIF (@clusif) October 15, 2018
- How to secure access to your smartphone as securely as possible – CNIL
- Personal data breaches : 1st assessment after the implementation – CNIL
Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.