Managing digital nomadism #CyberSecMonth
Reduce the risks of nomadism through data protection
The multiplication of business trips with ever more compact equipment can lead to loss or theft in public spaces. We can see that there are real security issues regarding the data stored on these mobile terminals.
Prevent risks related to the nomadic nature of equipment
Ensure the physical security of terminals:
It is important to make users aware of the potential loss of this type of equipment so that they remain vigilant during their trips. Indeed, mobile terminals represent privileged targets for Cyber-attackers. It is important that mobile terminals remain as ordinary as possible and do not have any element referring to the organization or its environment.
Encrypt sensitive data:
It is essential to encrypt the data stored on mobile equipment (laptops, USB sticks, external hard drives, etc.) in order to keep this information confidential. The stored content should be decryptable only with a secret (such as a password, smart card, PIN code, biometric factor, etc.). It is also possible to implement an encryption solution for partitions, archives and files. However, it is necessary to guarantee the uniqueness and robustness of the secret used for decryption. It is recommended, as a first step, to perform full disk encryption; archive or file encryption can be added later, since they do not meet the same need.
Guarantee the security of the network connection:
A user on a business trip may need to access the organization’s information system remotely. It is therefore necessary to secure the network connection from the Internet as much as possible. To do this, it is recommended to establish an IPsec VPN tunnel between the nomad workstation and an IPsec VPN gateway rather than establishing SSL/TLS VPN tunnels. This IPsec VPN tunnel must be established automatically, and the user must not be able to disable it, so that no flows are transmitted outside the tunnel. For the specific authentication needs of captive portals, it is still possible to override the automatic connection by allowing a connection on demand. The user can be encouraged to use connection sharing on a trusted mobile phone.
Strengthen security policies:
It is important not to share personal and professional uses on the same mobile device. The synchronization of professional and personal accounts (messaging, social networks, calendars) is to be avoided. Terminals provided by the organization that need to connect to the information system or contain professional and sensitive information must be secured. It is important to use a centralized mobile equipment management solution and to implement homogeneous inherent security policies (means of unlocking the terminal, limitation of the use of the application store, etc.).
Maintain the integrity of mobile terminals
As mentioned above, some terminals, such as laptops, are often used for travel. It may be more difficult for organizations to keep these terminals up to date. There are tools, such as WAPT, to automate IT asset management. It’s possible to quickly test, install, update and uninstall software and configurations across the entire fleet. Updating workstations allows you to correct software vulnerabilities and, by extension, to protect the entire network by preventing malware from infiltrating it.
With WAPT, it is the mobile workstation that establishes the connection with the WAPT server to download the various updates (via an Internet connection). The workstation is also the source of the creation of the websockets tunnel (bidirectional) allowing you to benefit from information feedback in the console but also to manage the mobile workstation remotely.
Why use WAPT in a nomadic context?
With WAPT, it’s possible to keep mobile workstations up to date. Indeed, once the user is connected to the network, the agent installed on the computer will cache the updates; they will be installed when the computer is shut down (or at another time depending on the configuration). Without even disturbing the user, WAPT makes it possible to keep mobile workstations up to date and ensure their compliance with the rest of the IT equipment. Don’t let the mobility of your employees hinder you in securing your fleet!
The Holiday Book for Digital Security is online!
If you follow the news of CyberSecMonth, you may know that ISSA France has insisted on developing an educational holiday book entitled “Les as du web”, which focuses on the risks of digital technology, thanks to a crowdfunding campaign, and we could not help but support such a good initiative. This booklet is intended for children from 7 to 11 years old but also for their parents. For the youngest, it is an opportunity to become aware and learn through exercises and games that are fun and educational. For parents, the booklet also provides real advice on how to use the web, smartphones, social networks or personal data.
ISSA France’s objective is to be able to distribute this holiday booklet (1 million copies) on French motorways during the summer months. It was during Security Tuesday on October 16 that we were able to discover the famous booklet thanks to its downloadable version in PDF format! We have thus been able to become “As du web” thanks to this express training that will delight both the youngest and the oldest.
What you don’t want to miss:
- How to secure access to your smartphone as securely as possible – CNIL
- Personal data breaches: 1st assessment after the implementation – CNIL
Find all our recommendations on Twitter and LinkedIn and on hashtag: #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.