How to keep your mobile safe with Sophos

September 15, 2019 posted by


hello to you and welcome back now in
this episode we are at the beautiful offices of Sophos and joined by these two
lovely gentlemen and welcome back to the show welcome back to you Jon and of
course Gavin welcome back now last time in the
episode we were talking about securing a workplace kind of network but we want to
know how easy is it and what we need to do to secure mobile devices because of
the year and the age that we live in we need to be able to kind of work out on
the road so securing a mobile workforce what are the kind of the tool
recommendations what is it you think well you said in the old days the office
was like a fortress and you built your walls up around it but now people always
out in the field so the first thing is technology to be able to allow you to
connect resources back in the office so we use things like VPNs Virtual Private
Network so you can take the device and basically look at and feel as if you’re
in the office about access all those resources but then of course you’ve got
to secure those devices themselves and make sure they’re not lost and stolen
for exampled. Now I’m gonna come over to yourself what are some of the kind of
what would you say best practices so if I’m someone that’s working out in the
field and am still – using the device what kind of tools and things would you
recommend what are the best practices to make sure I can keep that device as
secure as possible okay so I think if you’re took in in a corporate
environment there are several things that should be done so we should have an
MDM application of some sort that rolled out okay so MDM is mobile device
management and mobile device is not necessarily a laptop or a desktop or a
mobile phone it can be anything a tablet or anything that you’re taking with you
so it should be a corporate policy for mobile devices whether that’s BYOD bring
your own device or whether it’s a corporate owned device but essentially
an MDM application policy would allow you to control certain things on that so
it will ensure things like that full disk encryption is turned on that’s
really important so especially in the age of compliance of we live in now if you
lose a device you have to be able to show that that device is encrypted
okay if you can show that it’s encrypted you’ve taken certain steps to make sure
the data can’t be recovered and then any implications fine wise that you might
have would certainly be lesson there are other things you can do so you can you
need to make sure you’ve got certain passwords on your device so an MDM
application might say that you have to have a eight
digit passcode on your phone something like that so lots of things that MDM can
do control and will secure your devices essentially when they’re out in the
field the other things you need to do is well especially from a corporate
application point of view is its turn on things like multi-factor authentication
really really important so if you’re out and about you’re using office 365 you’re
not even having to connect to your core network forever VPN it’s it’s natively
online now but using two-factor authentication it is so important it
ensures that it’s you and you alone can get actually app access to your account
and you do that by using a token and that might be a physical hardware token
or more often than not now is actually an application on a mobile device so
an authenticator app essentially those things are absolutely key to make it
making sure that you work in security so keep it on the I’m gonna talk about the
MDM MDM that kind of start so say what if I lost my device it’s got all that
important information on it you know what what does it in terms of the
business how how what can we do to protect that other pretend the
information that’s on it what can we do so one of the things to make you a
device compliant might be that you would have to make sure there’s a passcode
lock on there or their face recognition or thumb print ID or something like that the idea
of that being is if that device is just left lying around
no one authorised user can access it but if the worst happens and you completely
lose access to that device you leaving it in a taxi cab for example then the IT
department back in the office they would be able to do things like remote wiping
that device so that that data is completely removed and there’s no hope and they can do that literally anywhere
yeah absolutely the MDM platform mobile device platform is there to find the
device locate it and then if you really want to then you’ve got opportunity to
erase that device completely if you need to which is always reassuring especially
now like we mentioned earlier you need to be able to literally grab your stuff
and go in our industry that you’re in in knowing that you can do that the clicker
is it I’m assuming it’s just literally a click of a button it is and it’s done so
is there any kind of other any of the dangers of kind of I’m thinking more I’m
kind of using that mobile device while you’re out and about
the dangers that we should be aware of in terms you know should be should we be
encrypting all our devices should we be using extra protection what kind of
things should we be doing but we’ve talked about encrypting the device
itself so you lose access to it but also there’s the opportunity to encrypt the
data that you’re transferring backwards and forwards so for example when you
send out an email it’s a bit like sending a postcard all of that data is
there and potentially available for somebody else to pick up but if you
encrypt that data then it means only the sender and the authorizer simply can
actually access that and that’s going to be really important if you’re sending
personnel identifiable information you should never really send things like
bank details credit card either that’s all I think over over email but if you
are going to do it at least if it’s encrypted and you’re still making sure
that that’s not going to get into the wrong hands
and how easy is it to do then – is it an easy task
encrypting for some of these emails and stuff are thanks exactly up to what
level you want to go to but there are devices out there that can set the edge
of the network and recognize emails going out that might contain sensitive
information if you’re using cloud platforms and the opportunity to set
encryption on those things it’s a considered choice but it’s a
worthwhile exercise to go through because the reality is that you know I
suspect all of your viewers that have at some point for example sent an email to
the wrong price completely innocently oh no yeah guilty they’ve all done it yeah
absolutely but if you’re encrypting it then it means only the authorized
recipient is going to be able to actually open that so there’s there’s
much less risk of that data falling into the wrong hands
so something definitely that from a business point of view something
definitely would you would need to look into our at least kind of yeah
absolutely yes so an organization level again you know if you’re deploying it a
corporate in a corporate environment there are lots of applications for
encrypting email but yes so something that encrypts it seamlessly to the user
is easy it’s what you want but something that secures that mail in that band at
the organization essentially one thing I think also to know is well if you’re if
you’re if you’re out and about and you’re using a mobile device a lot the
ubiquity of wanting to be able to connect to wireless all the time is an
absolute it’s like a fundamental need for everyone now yeah yeah but you know
just make sure you’re connecting to an access point that you know about and and
and try and avoid where possible using open access points so it might be very
convenient for example to go to you know a station or something like
that and find an open access point to connected you might think that’s the
stationers access point but you know if you can tether to your mobile device
something you know it’s secure or connect to an access point you know is
secure it is a much preferred way of connecting because that way you’re not
going to be subject to any anything like a man-in-the-middle attack or or
anything nasty that’s it that access point is it potentially dip so when
you’re saying an open access point you mean like you mean like in a free public
Wi-Fi signal that’s out there so are they quite susceptible then to a lot of
attacks thing not necessarily the device itself but it’s very easy as a cyber
criminal to to take a little portable device along and and masquerade as that
public Wi-Fi so you can sit in the coffee shop and set up a wireless
network name that looks plausible and then basically you’re sitting there
controlling all of the users traffic and have visibility to all that traffic yeah
and then yeah so you might get you might get warnings in your internet explorer
same certificate isn’t valid do you want to proceed and yes yes yes I want to
proceed because you want to get to because you want to get to the website
right yeah I do want to get on to the website but actually if you’re doing
that your day and access to that information that is being sent so many
telltale signs then of that would say sorry I’m touching on this because it’s
the kind of the first time for me that I’m ever hearing and kind of this kind
of open network thing so and so I found them out on the road I’m doing some work
and you know that’s happening is there a telltale sign I could possibly look out
for that that could be something or is it just literally you just you just
don’t know it is quite challenging I mean again misspelled SS IDs or wireless
network names if they’re incorrect if you’ve got multiple that look very
similar then that might be a telltale but at least one of them is fraudulent
but it’s very difficult to spot the best way to protect yourself is is maybe
using something like a VPN so you’re you’re then basically encrypting all of
your traffic and it goes back to the office and then it goes out to the
Internet and that way you’re keeping it private even if there is a cyber criminal of
sitting in the sequence absolutely yeah thanks now so I hope you’ve learned a
lot of time I tell you what I’m learning I’ve learnt loads out of all of this but
that is all that we have time for in this episode I want to say a huge thank
you to the both of you for joining us again but if you want to keep up to date
with us all you need to do is head over to ChessICT.co.uk
where you can check all our videos online just there but we’ll see you next
time and bye bye for now

No Comments

Leave a Comment

Your email address will not be published. Required fields are marked *