When’s the last time you updated your router’s firmware? Do you require mobile anti-malware be installed on employee smartphones used for business?
Cybersecurity isn’t only about network solutions, computers, and servers. It includes the security of any endpoint connected to your network, and increasingly, those endpoints include mobile and IoT devices.
Mobile devices now make up about 60% of the endpoints in a company, yet they’re often behind when it comes to IT security basics. For example, about 58% of Android devices are over two OS versions behind and 48% of iOS devices are more than four versions behind the latest OS update.
The key message of this year’s National Cybersecurity Awareness Month (NCSAM) is “If you connect it, protect it.” It’s a reminder that any endpoint connected to the network needs to have safeguards in place to prevent malware infections, data breaches, and other incidents.
Take this opportunity to use the tips below to revisit your company’s device security and discuss best practices with your staff.
Device Security Basics to Keep Your Data Protected
Every October, National Cybersecurity Awareness Month reminds everyone of the vital part IT security plays in our lives. It also emphasizes that it’s an everyday priority, not just one month out of the year.
According to RiskIQ, every endpoint connected to the internet sees 1.5 attacks per minute and cyberthreats multiply at a speed of 375 per minute. Any weak link in your device security can risk your entire network being breached from one endpoint.
Here are several of the basics of good device security for computers, mobile devices, and IoT devices.
Computer Device Security Basics
Computers need to be protected whether they’re at work or at home. The rise in remote work this year due to the pandemic has left many Wisconsin businesses more vulnerable to a cyberthreat.
Employees working from home may be working on personal devices that lack the security basics to help prevent a breach, such as regular updates and malware monitoring.
Device security should be multi-layered and include the following:
- Reliable antivirus/anti-malware
- DNS filtering to block malicious websites
- Timely OS, software, and firmware updates installed
- Passcode locks on the screen
- Regular data backups
- Email filtering to help catch dangerous phishing emails
Mobile Device Security Basics
Mobile devices are increasingly at risk from hackers via malicious mobile apps and their install packages designed to inject a device with spyware, ransomware, or another type of threat.
According to Kaspersky detections, every quarter between Q2 2019 and Q2 2020 has seen a rise in the number of malicious installers targeted at mobile devices.
Number of detected malicious installation packages, Q2 2019 – Q2 2020
It’s important to ensure mobile devices are fully protected, just as much as computers, and this includes discussing device security with employees who may be accessing company data, email, and cloud accounts from a personal device.
Mobile device security should include:
- Mobile antivirus/anti-malware
- Timely OS and app updates
- Careful review of apps before they’re installed to ensure they’re not malicious
- Password or biometric screen lock
- Backup of all device data
- Business VPN to use when on a public Wi-Fi network
- Use of a “find my device” application
Companies should also use an endpoint device manager (like Microsoft Intune) to monitor device access to their data. This also allows the automation of security tasks such as device update installation and monitored antivirus.
IoT Device Security Basics
Internet of Things (IoT) devices have been multiplying in recent years. From voice assistants like Alexa to IP security cameras, smart gadgets are taking over many tasks that used to be done manually and adding to convenience.
But they’re also one of the device categories that is the least protected and the most at risk. 98% of IoT data traffic is unencrypted and can be easy for a hacker to get their hands on if devices don’t have the proper safeguards.
Whether at home or work, you should look at IoT devices as an entry point to your network and one that is typically the most vulnerable.
Here are several IoT security basics to keep these devices safe:
- Immediately change the default username/password when setting devices up
- Disable discover features like Universal Plug and Play (UPnP)
- Use a non-descript device name (i.e. no brand or location information)
- Check device settings regularly for security patches and updates
- Keep IoT devices on a separate “guest” network from other connected devices
- Use multi-factor authentication where possible for device setting logins
If you’re looking for help promoting device security at your office, you can find several free tip sheets and other resources at the NCSAM website.
Improve Your Device Security with Help from Quantum PC Services
We can help your Sturgeon Bay business put a comprehensive device security program in place that protects computers, mobile devices, and IoT devices and keeps your data and network safe.
Contact us today to learn more! Call 920-256-1214 or reach us online.