Difference between revisions of "Secure Remote Working - Device Considerations"

Background

With the increase in BYOD (Bring Your Own Device) and remote working, it is important to be mindful of what and how devices are used to conduct business activities. Each type of device be it a router, smartphone, laptop or tablet can be used to remote work which if not properly secured, become a target for compromise.

It is important to remember that these devices and the software that runs on them should be used for unclassified and non-sensitive work only.

This page will provide some tips and tricks as well as some common risks and security issues that come along with a BYOD model.

Risks and Security Concerns

Personal Devices in an enterprise work environment can create security risk some of which include:

• Target for Social Engineering - Attackers tailor attacks towards certain individuals based on collect personal data or interests.
• Data Loss and Data Leaks - Sensitive data being dispersed to people who should not have access to it or erased/destroyed all together.
• Lack of Patch Management - Attackers can leverage out-of-date and flawed software to exploit and gain access to a device.
• Device/Asset Loss - Theft or loss of a device which cannot be accounted for.
• Weak Anti-virus or Firewall Configurations - Attackers can exploit these weak security postures to gain access to a device.

These are a subset of a large list of potential areas of exploitation if a device is not secured adequately.

Device Security Recommendations

Using personal devices when working in an unclassified and non-sensitive environment is encouraged, however employee's should keep in mind best practices and recommendations when using these devices. Some of these include: