5 Tips to Protect Your Business from Hackers
Jan 24, 2019
By Tyler Cohen Wood
In today’s fast-paced business world, no one works solely from the office anymore. Employees and clients are always on the go, using mobile devices to stay connected both in and out of the office. We used to keep our work and personal life separate, but now we use the same digital devices, such as smartphones and tablets, to connect to both. While this technology is a boon to productivity, what private data, tradecraft, or intellectual property might, unknown to us, end up in the hands of corporate spies, hackers, or data marketers?
The key to protecting your company’s intellectual property in our tech-driven, on-the-go world is to first understand these new threats. Educate yourself and your employees about the risks and work with your IT team or a consultant to mitigate them. Because I believe the greatest threat to a business’s security is through connected devices, that is what we will focus on here.
Here are five tips to protect your business’s IP:
1. Secure or turn off unnecessary services. Each time we use our smartphones or tablets, many unsecured services are turned on by default, such as Bluetooth, Wi-Fi, and location trackers. Automatically connecting to Wi-Fi can save you and the carrier money: if you are using data, you will not be charged for it while the device is connected via Wi-Fi. The problem is that you could, without your knowledge, be connected to an unsecured wireless network where someone else on the network can use easily available tools to “sniff” or spy on your data. For example, if you are at a coffee shop working on an unsecured network without using encryption, and you email important corporate documents or other materials, that traffic and everything else, including passwords, can be picked up and pieced back together by a hacker sharing that wireless network. Tips around this issue:
a. If you must use Bluetooth, enable and allow discovery mode only when absolutely necessary. Remove your paired devices after each use.
b. Turn off autodiscover and autosave connections for Wi-Fi so that you won’t automatically connect to wireless networks.
c. When connecting to the internet using Wi-Fi, try to use an encrypted network that requires a password. Avoid online banking or other financial transactions or conducting any business in busy public areas and over unsecured Wi-Fi networks. Ensure that passers-by can't watch what you are typing (known as shoulder-surfing).
2. Understand application permissions creep. This occurs when applications on your phone request and/or access other apps or system services, such as your contacts, camera and photos, location services, text messages, voice recorder, etc. Most apps will ask permission for this or disclose in their terms of service what permissions they have access to on other areas of your device and what they do with data that they collect. The problem is that most of us assume that our contact list, text messages, email, and documents are kept separate and secured from social media or other apps that we use. However, this is not necessarily the case. For some businesses, the contact list that you or your employees have in your smartphone might actually be considered secret data that you want kept confidential. You do not want other apps having access to that data or selling it to third parties, which could be competitors. Here’s what you can do:
a. Make sure that you and your employees read the terms of service and view the permission settings of every application on all digital devices that are being used to conduct work. Weigh the risk to your corporate IP versus the need to use an app.
b. Some smartphones might give you the option to disable certain permissions but still use an app (such as a GPS navigation app).
c. If you must use social media apps that request permission to or take data from other areas of your phone, log in from the browser instead of the app. This will give you at least some measure of protection.
d. Make sure that any document-reading program that you or your employees use on a phone does not have the ability to read or store any of your data. Some external e-reader apps actually do have the ability to do this.
3. Use encryption, a Virtual Private Network, and home and mobile device protection. Insist that any employee who connects from a home computer into your corporate network has proper security on their home network (such as a firewall and virus protection). Make sure that any digital devices connecting to your corporate network are also secured: along with turning off unnecessary services and weighing the risk of using apps, have your employees use some type of security software, like Lookout Mobile. To keep apps or prying eyes away from reading your sensitive data, I recommend using encryption for documents and email. Encryption is the process of encoding messages so that only authorized parties can read them. There are many encryption software programs available on the market. I also highly recommend the use of a Virtual Private Network, or VPN, for all devices connecting into your network. A VPN is a privately created network connecting your remote devices securely to the corporate network over a public network such as the Internet. All traffic is encrypted in a VPN. In order to gain access to the private network, the remote user must be authenticated.
4. Make sure that employees take security precautions when traveling. When connecting to a wireless network, make sure that the network is secured with a password. When we get to our destination and rent a car, the first thing most of us do is connect our smartphones to the car in order to use Bluetooth. When you do this, some cars will keep the text message history, contact list, and other data from your phone. If you connect your smartphone to a rental car, always delete the pairing before you return the car. In addition, be wary of using hotel business centers. I am not suggesting that all hotel business center computers are hacked, but I have done forensic examinations on their computers and I was shocked by how much malware, keyloggers (which could collect your password), and other viruses I found.
5. Create a social media policy for your employees. Social media has given us wonderful ways to connect with friends, family, and colleagues. However, some people repeatedly share information on social media about themselves or their work that does not belong there. Teach your employees that they are not protected by privacy settings. Privacy settings can and do change. It is best to assume that whatever you post will be viewed by people you may not have intended to see it. If you don’t want employees giving away trade secrets or damaging your company’s reputation because of what they post, create a policy and make sure each employee understands it.
If you implement these five tips, you will be well on your way to protecting your company’s intellectual property and tradecraft. A little effort now will ensure that your business is protected from outside threats for the long run.
Here are some additional AMA resources for IT professionals:
Technical Project Management
Communication and Interpersonal Skills for Technical Professionals
About the Author(s)
Tyler Cohen Wood is a senior officer and Cyber Branch Chief for the Defense Intelligence Agency. She has over 14 years of experience with cyber forensics, supporting the Department of Defense and law enforcement. She is the author of Catching the Catfishers: Disarm the Online Pretenders, Predators, and Perpetrators Who Are Out to Ruin Your Life. All views are her own and do not in any way reflect those of her employing agency or the United States Government.