How to establish a mobile security policy on an enterprise notebook computer


A 2012 study by Harris Interactive shows that while smartphones and tablets are starting to become popular in companies, 26% of employees still use office computers to handle business. 61% of them store critical data, including sensitive company and customer information, on their systems.

Given the rising number of notebook thefts, IT is under great pressure to keep corporate laptops secure. However, designing and implementing an effective mobile security policy is a daunting task. IT must implement robust usage policies, manage the physical devices, take measures to protect data, enforce password requirements, and control access to enterprise resources.

Define a mobile security policy and reasonable use

Regardless of what the IT department does to protect the company's laptops, the effectiveness of these steps depends on the endpoint security policy, which clearly defines how employees may use and protect these laptops.

Usage policies must be defined in detail and communicated to employees. A good starting point is to include information on how to physically protect the laptop, such as physically locking it when it is left unattended.

The mobile security policy should also include network connection information. For example, employees should know when and where they may use Bluetooth or peer-to-peer networking, and whether these features have been disabled. The policy should explain to employees the dangers of unencrypted wireless networks, and describe external devices that can secure network connectivity, such as a travel router that protects Ethernet access.

The laptop security policy should address risky practices, such as unsecured internet access, peer-to-peer links, opening attachments in unrecognized messages, and installing third-party software and services.

In addition, the organization should specify which steps to take if a notebook computer is lost or stolen or its data is corrupted. All employees who use laptops should receive security training and understand company policy.

Managing devices

Before handing out laptops, IT must configure domain policies and management software on them so that each device can be maintained on an ongoing basis. Administrators must be able to install security patches, change configuration settings, and regularly monitor and audit notebook computers to assess risks and ensure compliance.

In addition, administrators should disable any features that pose security risks, such as Bluetooth, peer-to-peer networking, or booting from CD or USB drives.

IT must also configure anti-malware and cloud-based services on each notebook computer to guard against threats. Endpoint protection should include kernel-level host intrusion prevention, firewall security, and other safeguards that meet the organization's specific requirements.

In addition to protecting laptops from malware threats, desktop administrators should also configure software or services that can track and disable devices and remotely wipe sensitive data.

Protecting data

Protecting sensitive data is the ultimate goal of endpoint protection. Although replacing hardware is expensive, that cost is nothing compared with the potential cost of exposed enterprise data. The first choice for prevention is full-disk encryption using the 256-bit Advanced Encryption Standard, with pre-boot user authentication required.

Even with full-disk encryption, critical data should not be stored on a laptop unless it is needed to carry out business. Sensitive data should be stored in a secure data center that provides a secure way to access it.

Peripherals such as portable external hard disks and USB flash drives should also be encrypted, or the notebook should be configured to prevent their use. Notebook computer data should also be backed up regularly to prevent data loss or damage.

Mandatory password requirements

This should be obvious, but employees continue to share and reuse passwords, use weak passwords, or even use no password at all in some cases. As a result, all enterprise laptops should require employees to enter a strong password when the machine starts or wakes up.

In addition, the laptop should lock after a few minutes of inactivity. Passwords should be tied to the full-disk encryption system. Note that biometric authentication may affect password usage and policy.

Employees should be encouraged to set passwords that are difficult to crack and are not used elsewhere. They should be in the habit of keeping their passwords secret. IT should spell out these requirements in the usage policy and provide it to all notebook users.
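
The device, data and password requirements from the three sections above can be checked mechanically. The following is an added example, not part of the original article, that audits exported inventory records against that baseline; the field names, the sample records and the 5-minute lock threshold are assumptions.

```python
import json

MAX_LOCK_MINUTES = 5  # assumption: the article says only "a few minutes"

# (finding, check) pairs. Field names are hypothetical; map them to whatever
# your device-management tool exports. A missing field fails its check.
RULES = [
    ("disk encryption is not AES-256", lambda d: d.get("disk_encryption") == "AES-256"),
    ("pre-boot authentication off", lambda d: d.get("preboot_auth") is True),
    ("no password on start/wake", lambda d: d.get("password_on_wake") is True),
    ("idle lock missing or too slow",
     lambda d: isinstance(d.get("lock_minutes"), int)
     and 0 < d["lock_minutes"] <= MAX_LOCK_MINUTES),
    ("Bluetooth enabled", lambda d: d.get("bluetooth") is False),
    ("peer-to-peer networking enabled", lambda d: d.get("p2p") is False),
    ("CD/USB boot allowed", lambda d: d.get("external_boot") is False),
    ("firewall off", lambda d: d.get("firewall") is True),
    ("anti-malware missing", lambda d: d.get("antimalware") is True),
    ("remote wipe not configured", lambda d: d.get("remote_wipe") is True),
]

def audit(records):
    """Return {hostname: [findings]} for laptops that miss the baseline."""
    report = {}
    for dev in records:
        findings = [name for name, ok in RULES if not ok(dev)]
        if findings:
            report[dev.get("hostname", "<unknown>")] = findings
    return report

# Constructed sample inventory (not real data).
SAMPLE = json.loads("""[
  {"hostname": "lt-001", "disk_encryption": "AES-256", "preboot_auth": true,
   "password_on_wake": true, "lock_minutes": 3, "bluetooth": false,
   "p2p": false, "external_boot": false, "firewall": true,
   "antimalware": true, "remote_wipe": true},
  {"hostname": "lt-002", "disk_encryption": "AES-128", "preboot_auth": true,
   "password_on_wake": true, "lock_minutes": 15, "bluetooth": true,
   "p2p": false, "external_boot": false, "firewall": true,
   "antimalware": true, "remote_wipe": true},
  {"hostname": "lt-003", "disk_encryption": "AES-256"}
]""")

if __name__ == "__main__":
    for host, findings in audit(SAMPLE).items():
        print(f"{host}: " + "; ".join(findings))
```

A record that omits a field is reported as failing that check, so a laptop that stops reporting its state shows up in the audit instead of silently passing.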

Control company access

When employees use their laptops in the office, they can connect to the corporate network via WiFi, where the company's safeguards apply. When employees take these devices out of the office, however, those safeguards may be powerless, yet employees still need to access the company's resources from the outside through the company's firewall.

A virtual private network (VPN) is still one of the safest and most effective ways to provide remote access to enterprise resources. VPNs allow employees to communicate with the corporate network from any location through a public network, most notably the Internet. Data transfers between laptops and corporate networks are encrypted, so hackers cannot intercept sensitive data on public networks.

Even when employees cannot establish a VPN with the organization's network, they may still need to send and receive e-mail. IT should therefore ensure that the information sent and received by the laptop uses Secure Sockets Layer or Transport Layer Security.

Maintain notebook computers

Protecting enterprise laptops is an ongoing task, and security threats are evolving. Good mobile security policy management covers not only laptops but also many other portable devices. Endpoint protection should also consider data protection, password control, and network access.

The more dangerous the environment, the less secure your laptop will be. The credibility of the company is also very easy to lose. Rebuilding a reputation can be more expensive than any corporate laptop security measure.
