Your business secrets may not be as juicy as George Clooney’s insecurities or Angelina Jolie’s bratty attitude, but someone somewhere may be interested in unearthing details about your company—or your customers. And today, in addition to network security, businesses need to be concerned about mobile security as well. Mobile computing is an essential business tool that can increase productivity, but it does carry some inherent risks that could jeopardize your company’s data.
We spoke to Robert Cioffi, CEO of Yonkers-based IT consulting firm Progressive Computing, to get his advice on precautions that can be implemented to ensure the safety and security of your corporate information.
Progressive Computing CEO Robert Cioffi
Why is the use of mobile computing so important for small businesses?
Cioffi: We live in a hyper-connected society and any business—large or small—has certain expectations about the speed of answers, delivery of service, and communications. It’s really important that your entire team is able to collaborate and communicate regardless of their physical location… even if that location happens to be a transcontinental flight or a moving train.
So how secure can mobile computing really be with all those hackers and thieves out there? Look what just happened to Sony.
Cioffi: It actually can be just as secure as working from within the office, provided that you take certain prudent security measures. You will need a qualified IT provider to design your network to allow secure remote connections. This is not a job for a DIY-er. It is also important to understand that if hackers really want to get inside your systems, they will eventually succeed. The industry term used is “size of the prize”. If you’re a hacker who’s interested in stealing credit card information, you’re going to go after Target’s 100 million credit cards on file as opposed to a smaller business with only a couple hundred.
The recent Sony hack shows how vulnerable companies are to a determined attacker. Your company should institute a protection, detection and response plan. You need protection against low-level attacks and to make targeted attacks more difficult. Detection will help find attackers that have made it into your system. Finally, you need a response to reduce the damage, restore security and manage any fallout from the incident.
Two main things stand out from the Sony incident. First, most of their employees kept their passwords on simple and extremely unprotected Word documents. It is a dangerous practice that makes your company an easy mark for a security breach. Second, so much data was moved off their services and no one noticed. That amount of data should have been easy to spot if Sony’s IT team was paying better attention.
What type of protocols should a small business institute to increase their levels of security for the mobile computing workforce?
Cioffi: There are two basic protocols that should be used for mobile computing. First, remote access should be done via Virtual Private Network (VPN). A VPN encrypts (or scrambles) the communication between a remote location and the office. As the data information travels across the public (and insecure) Internet it essentially appears as gibberish to any eavesdroppers. Second, because most businesses rely on passwords as the only authentication method, it’s important to have a strong password policy. That policy should consist of 90-day expirations and password complexity requirements.