Chris Preimesberger
This is going by fast, as usual:
Q4: Device security: How does this change--or does it?--when somebody moves a company laptop or phone to work at home or at Starbucks for an extended period of time? What does the user generally have to be aware of?
Gorka Sadowski
A4 -- watch out!!
Vineet Jain
A4. For the business worker who is using mobile for business, make sure IT is using MDM technology so that they have better control over a device that is stolen. My colleague and our CSO, @GovernanceGuru, stated 37% of employees use personal devices to access company data...
David Gewirtz
A4: You can take this in a bunch of directions, but one I find is "nobody cares what I do" as an excuse for poor security. Training is a big necessity and can be an even bigger win.
Vineet Jain
A4. ...and only 35% have password requirements for personal devices. So what happens to lost and stolen devices is a real concern.
Vineet Jain
A4. Employees should use a password manager as a first step for general security hygiene
Gorka Sadowski
A4 -- usually for "sanctioned" devices that IT is giving their employees, there is usually some type of local software running to help with minimal security. However when corporate resources are accessed using a personal device, that doesn't hold true anymore.
Gorka Sadowski
A4 -- people should also use their common sense and not access critical, secret data from their iPhone connected to the local unprotected Starbucks wifi for example
Vineet Jain
A4. Audit your apps. Even if you’re not logged into your apps, they’re notorious for tracking where you go and what you do. Delete the apps that you aren’t using regularly and pay attention to the default location and security settings within each app.
David Gewirtz
A4: Considerations change based on location. VPNs are necessary for connection to public Wi-Fi, but not necessarily at home (unless you have non-benign roommates or a non-benign ISP).
Gorka Sadowski
A4 -- because the organization cannot always control well what is running on the endpoint, and where the endpoint is connected from, it is important to have back-end solutions that will perform some form of detection, investigation and response for if/when the user gets hacked
David Gewirtz
A4: SSO (single sign on) can be helpful. Folks get MFA fatigue and then just leave things relatively open. It's scary.
Gorka Sadowski
A4 -- even more important in case the user -is- the attacker, aka "insider threat"
Vineet Jain
@DavidGewirtz Agree!
David Gewirtz
A4: Let's also not lose track of the fact that this is SUCH a moving target. So while it's hard for IT folks and so-called power users to keep up, regular "muggle" users have a much harder time -- but still can risk the company big-time.
Gorka Sadowski
A4 @DavidGewirtz -- true, all users need to be in scope, regardless of their role, their access privilege, their employment status (full time/part time) etc
Vineet Jain
A4. Away from the office, nearly a third of employees are accessing corporate files through unsecured WiFi networks and on personal devices with no password requirements. This is a big problem because a large portion of these files contain sensitive information
David Gewirtz
A4 At home, it's challenging because the enterprise often needs to be sure the home environment is secure, but there can be pushback from family members, issues of too much intrusion, etc. It's a very careful dance.
Gorka Sadowski
A4 - @CloudNotEnough -- yes this is what we have observed also. So back-end, detection, investigation and response solutions are critical to ensure a better security posture.
Gorka Sadowski
A4 -- @DavidGewirtz there are solutions that are not too intrusive for those use cases... Others are borderline big-brotherish and are essentially session DVRs, with recording of every single mouse click, what is typed etc. can be a bit much...