Build a Security Strategy for Your Business Laptops

posted in: Uncategorized | 0

Offices today look very different from the way they looked even five years ago, as companies increasingly equip their employees with laptops and mobile devices instead of, or in addition to, desktops.

According to a survey conducted by HarrisPoll/SHI, 12% of IT professionals intend to replace desktops with laptops in 2015. While such surveys illustrate the importance of mobility in the workplace, they also point to the definitive need to secure business laptops.

The transition from desktops to laptops “reflects the reality that employees are on the move, they want to take their work with them and they expect to work more flexibly today,” says Eric Skinner, vice president of market strategy at Trend Micro, a global security software company.

This growing adoption of laptops brings new security threats that business owners and IT departments need to consider. Unlike desktops, which have a permanent home on an employee’s desk, laptops are able to connect to a wide variety of personal and professional networks, providing significantly more points of entry for malicious behavior.
“Inherently, people are going to move those laptops around more, and will connect through different places, and increasingly that will mean that the work-related traffic will not go through the corporate network,” says Skinner. “Traditional ways of protecting the corporate network become less effective.”

Fortunately, companies embracing the benefits of laptops in the workplace can guard against potential security breaches by taking the following steps:

1. Create a Company-Wide Laptop Security Policy
Surprisingly, 73% of companies don’t have security policies specifically relating to laptops, according to Softection Digital Asset Protection.
When introducing laptops into the workplace, business owners should collaborate with IT departments and consultants to draft a set of rules and standards that govern workplace laptop use. This policy should be enforceable and measurable, and it should also provide accountability.

2. Tailor Your Laptop Security Policy to Your Work Environment
Ensuring the security of IT infrastructure requires a strong laptop security policy, but when it comes to drafting such a policy, one size does not fit all. Each organization needs to consider their legal and regulatory systems, company philosophy and industry best practices when drafting a policy that works best for them.
According to Skinner, that may include “ensuring that you’ve got encryption and patching happening well, ensuring that you have visibility to the cloud based services employees are accessing, and recognizing that standalone anti-virus software needs to be supplemented.”

3. Enlist the Help of Security Best Practices
Even before introducing laptops into the workplace, employers should consider security policies that include disk encryption, offline storage options, tracking software and password settings. They should also consider insurance packages that will replace lost or stolen laptops if they are taken out of the office on a regular basis.
Furthermore, laptops with highly sensitive information should also be em- bedded with software that can wipe the memory clean, should it fall into the wrong hands.

4. Educate and Enforce
Within a corporate environment, the risks associated with laptop security need to be taken seriously by employees at every level. While risk of termination or other disciplinary action might help reinforce the importance of protecting devices and data, company-wide education is often considered the best practice.
Educating employees on the risks of connecting to a public Wi-Fi from a corporate laptop, for example, might help prevent employees from making inadvertent but potentially harmful mistakes.

5. Encrypt and Protect
One of the inherent risks of switching from desktops to laptops is that laptops are significantly easier to misplace or even steal, while desktops typically remain locked up inside an office.
Skinner says the best way to protect enterprise data from being physically lost or stolen is through encryption. “Encrypt the laptops, because you don’t want the loss of a laptop to result in a data breach,” he explains.