Business has undergone a great deal of change over the past several years with regard to technology. Some of that change is out of necessity. One of the largest vectors of ransomware attacks is out-of-date hardware and software in systems without sufficient security or backups. These attacks have been a contributing factor to businesses accelerating their upgrade cycle to something more secure.
There are also improvements to mobile device management. It used to be said that workers were not able to bring their own devices to work because they were too insecure. Then managers and CEOs insisted on using their own devices, and suddenly it was possible. In the same way, Macs and iPads couldn’t be allowed on the network. But it turned out that CEOs liked Macs and iPads. So IT discovered it wasn’t so impossible.
Lately, COVID has contributed to breaking down the barrier between corporate and consumer hardware because people who had not been assigned company hardware have had to work from home. IT departments had to figure out how to provision all those personal computers, iPads, and smartphones to securely access the company’s network.
That said, it doesn’t always come up roses. Consumer hardware can be a lot less secure to use in corporate environments for a number of reasons. It takes a little extra work to do it right. If your business now runs on a mix of corporate and consumer gear, here are some guidelines for making it as safe as possible:
Only Use Corporate Software
There are a few reasons to only use corporate software even when using consumer hardware:
Only Use Corporate Security Practices
Consumer security is practically non-existent. With much cajoling, some small percentage of the population might use a 4-digit passcode on their lock screen. For the consumer, it is all about convenience. Corporate security requires strong, alphanumeric passwords that have to be changed every two weeks. Stronger security includes two-factor authentication.
There is also the matter of email policy. One of the biggest attack vectors is email, particularly links found within emails. It is hard for people to ignore links in emails when legitimate corporations send links in emails. This needs to stop. Never send a link to your employees, and instruct them never to open email links on a system on which they do work. Instead, instruct them to log into their account from the secure web and follow instructions from there. The problem of viruses through email links will continue as long as corporations keep sending mixed messages.
Only Use Corporate Networks
Most office workers have to access the internet for at least some of the work they do. Consumer devices connect to the open and unfiltered web via web browsers built for collecting and selling as much data as possible. They often access the web on sketchy, open networks in public places like parks. This won’t do.
You need to provide them with a way to access the secure corporate network from any device provisioned for that network. Once inside the corporate network, they should be able to access the internet using a more hardened browser adhering to rules set up by the IT personnel.
There is nothing wrong with using consumer tech for corporate work. In fact, it is imperative. But you still have to make sure those devices are ready for secure work by only using corporate software with corporate security practices on corporate networks.