In today’s fast-paced business world no one works solely from the office anymore. Employees and clients are always on the go, using mobile devices to stay connected both in and out of the office. We used to keep our work and personal life separate, but now we use the same digital devices, such as smartphones and tablets, to connect to both. While this technology is a boon to productivity, what private data, tradecraft, or intellectual property might, unknown to us, end up in the hands of corporate spies, hackers, or data marketers?
The key to protecting your company’s intellectual property in our tech-driven, on-the-go world is to first understand these new threats. Educate yourself and your employees about the risks and work with your IT team or a consultant to mitigate them. Because I believe the greatest threat to a business’s security is through connected devices, that is what we will focus on here.
Do
- secure or turn off unnecessary services
- understand “application permissions creep”
- use encryption, a Virtual Private Network and home and mobile device protection
- create a social media policy for your employees
Don't
- use Wi-Fi or Bluetooth in public places on the same device where you store or discuss intellectual property
- skip over the “terms of service” of your smartphone or tablet apps
- overlook safety precautions for traveling employees
- use the same device for both your work life and your personal life, when possible
Each time we use our smartphones or tablets, many insecure services are turned on by default, such as Bluetooth, Wi-Fi, and location trackers. Having Wi-Fi on can save you and the carrier money: you will not be charged for data while the device is connected via Wi-Fi. The problem is that you could, without your knowledge, be connected to an unsecured wireless network where someone else on the network can use easily available tools to “sniff” or spy on your data.
Application permissions creep occurs when applications on your phone request and/or access other apps or system services, such as your contacts, camera and photos, location services, text messages, voice recorder, etc. Most apps will ask permission for this or disclose in their terms of service what permissions they have access to on other areas of your device and what they do with data that they collect. The problem is that most of us assume that our contact list, text messages, email, and documents are kept separate and secured from social media or other apps that we use. However, this is not necessarily the case. For some businesses, the contact list that you or your employees have in your smartphone might actually be considered secret data that you want kept confidential. You do not want other apps having access to that data or selling it to third parties, which could be competitors.
Insist that any employee who connects from a home computer into your corporate network has proper security on their home network (such as a firewall and virus protection). Make sure that any digital devices connecting to your corporate network are also secured: along with turning off unnecessary services and weighing the risk of using apps, your employees should use some type of security software, like Lookout Mobile.
To keep apps or prying eyes away from reading your sensitive data, I recommend using encryption for documents and email. Encryption is the process of encoding messages so that only authorized parties can read them. There are many encryption software programs available on the market. It is also highly recommended that you use a Virtual Private Network, or VPN, for all devices connecting into your network. A VPN is a privately created network connecting your remote devices securely to the corporate network over a public network such as the Internet. All traffic is encrypted in a VPN. In order to gain access to the private network, the remote user must be authenticated.
Social media has given us wonderful ways to connect with friends, family, and colleagues. However, some people repeatedly share information on social media about themselves or their work that does not belong there. Teach your employees that they are not protected by privacy settings. Privacy settings can and do change. It is best to assume that whatever you post will be viewed by people you may not have intended to see it. If you don’t want employees giving away trade secrets or damaging your company’s reputation because of what they post, create a policy and make sure each employee understands it.
Do not use Wi-Fi or Bluetooth in public places on the same device where you store or discuss intellectual property
If you are at a coffee shop working on an unsecured network without using encryption, and you email important corporate documents or other materials, that traffic and everything else, including passwords, can be picked up and pieced back together by a hacker sharing that wireless network. If you must use Bluetooth, enable and allow discovery mode only when absolutely necessary. Remove your paired devices after each use. Turn off auto-discover and autosave connections for Wi-Fi so that you won’t automatically connect to wireless networks. When connecting to the internet using Wi-Fi, try to use an encrypted network that requires a password. Avoid online banking or other financial transactions or conducting any business in busy public areas and over unsecured Wi-Fi networks. Ensure that passers-by can't watch what you are typing (known as shoulder-surfing).
Make sure that you and your employees read the terms of service and view the permission settings of every application on all digital devices that are being used to conduct work. Most apps disclose in their terms of service what permissions they have access to, which means you can get an idea of what data they are collecting from your device. Weigh the risk to your corporate IP versus the need to use an app. Some smartphones might give you the option to disable certain permissions but still use an app (such as a GPS navigation app). If you must use social media apps that request permission to or take data from other areas of your phone, log in from the browser instead of the app. Make sure that any document-reading program that you or your employees use on a phone does not have the ability to read or store any of your data. Some external e-reader apps actually do have the ability to do this. This will give you at least some protection.
When connecting to a wireless network, make sure that the network is secured with a password. When we get to our destination and rent a car, the first thing most of us do is connect our smartphones to the car in order to use Bluetooth. When you do this, some cars will keep the text message history, contact list, and other data from your phone. If you connect your smartphone to a rental car, always delete the pairing before you return the car. In addition, be wary of using hotel business centers. I am not suggesting that all hotel business center computers are hacked, but I have done forensic examinations on their computers and I was shocked by how much malware, keyloggers (which could collect your password), and other viruses I found.
We used to keep our work and personal life separate, but now we use the same digital devices, such as smartphones and tablets, to connect to both. This causes some inherent risks to your business’s IP. No longer does an attacker have to try to break through your corporate firewall, because they just have to attack the lowest hanging fruit, such as the smartphones or social media that your employees or clients use to interface with your corporate network and business.
In today’s fast-paced business world no one just works from the office anymore. Our employees and clients are always on the go and working outside of the office, and using mobile devices for telecommuting and productivity has become mainstream. Implementing the advice above will help you to protect your company’s intellectual property and tradecraft. A little effort now will ensure that your business is protected from outside threats for the long run.