Protect your business and intellectual property from hackers

Do secure or turn off unnecessary services

Each time we use our smart phones or tablets many unsecure services are turned on by default, such as Bluetooth, Wi-Fi, and location trackers. This can save you and the carrier money; if you are using data, you will not be charged for the data if the device is connected via Wi-Fi. The problem is that you could, without your knowledge, be connected to an unsecured wireless network where someone else on the network can use easily available tools to “sniff” or spy on your data.

Do understand “application permissions creep”

This occurs when applications on your phone request and/or access other apps or system services, such as your contacts, camera and photos, location services, text messages, voice recorder, etc. Most apps will ask permission for this or disclose in their terms of service what permissions they have access to on other areas of your device and what they do with data that they collect. The problem is that most of us assume that our contact list, text messages, email, and documents are kept separate and secured from social media or other apps that we use. However, this is not necessarily the case. For some businesses, the contact list that you or your employees have in your smartphone might actually be considered secret data that you want kept confidential. You do not want other apps having access to that data or selling it to third parties, which could be competitors.

Do use encryption, a Virtual Private Network and home and mobile device protection

Insist that any employee who connects from a home computer into your corporate network has proper security on their home network (such as a firewall and virus protection). Make sure that any digital devices connecting to your corporate network are also secured, which means that along with turning off unnecessary services and weighing the risk of using apps, make sure your employees use some type of security software, like Lookout Mobile.

To keep apps or prying eyes away from reading your sensitive data, I recommend using encryption for documents and email. Encryption is the process of encoding messages so that only authorized parties can read them. There are many encryption software programs available on the market. It is also highly recommend you use of a Virtual Private Network, or VPN, for all devices connecting into your network. A VPN is a privately created network connecting your remote devices securely to the corporate network over a public network such as the Internet. All traffic is encrypted in a VPN. In order to gain access to the private network, the remote user must be authenticated.

Do create a social media policy for your employees

Social media has given us wonderful ways to connect with friends, family, and colleagues. However, some people repeatedly share information on social media about themselves or their work that does not belong there. Teach your employees that they are not protected by privacy settings. Privacy settings can and do change. It is best to assume that whatever you post will be viewed by people you may not have intended to see it. If you don’t want employees giving away trade secrets or damaging your company’s reputation because of what they post, create a policy and make sure each employee understands it.

Do not use Wi-Fi or Bluetooth in public places on the same device where you store or discuss intellectual property

If you are at a coffee shop working on an unsecured network without using encryption, and you email important corporate documents or other materials, that traffic and everything else, including passwords, can be picked up and pieced back together by a hacker sharing that wireless network. If you must use Bluetooth, enable and allow discovery mode only when absolutely necessary. Remove your paired devices after each use. Turn off auto-discover and autosave connections for Wi-Fi so that you won’t automatically connect to wireless networks. When connecting to the internet using Wi-Fi, try to use an encrypted network that requires a password. Avoid online banking or other financial transactions or conducting any business in busy public areas and over unsecured Wi-Fi networks. Ensure that passers-by can't watch what you are typing (known as shoulder-surfing).

Do not skip over the “terms of service” of your smartphone or tablet apps

Make sure that you and your employees read the terms of service and view the permission settings of every application on all digital devices that are being used to conduct work. Most apps disclose in their terms of service what permissions they have access to, which means you can get an idea of what data they are collecting from your device. Weigh the risk to your corporate IP versus the need to use an app. Some smartphones might give you the option to disable certain permissions but still use an app (such as a GPS navigation app). If you must use social media apps that request permission to or take data from other areas of your phone, log in from the browser instead of the app. Make sure that any document-reading program that you or your employees use on a phone does not have the ability to read or store any of your data. Some external e-reader apps actually do have the ability to do this. This will give you at least some protection.

Do not overlook safety precautions for traveling employees

When connecting to a wireless network, make sure that the network is secured with a password. When we get to our destination and rent a car, the first thing most of us do is connect our smartphones to the car in order to use Bluetooth. When you do this, some cars will keep the text message history, contact list, and other data from your phone. If you connect your smartphone to a rental car, always delete the pairing before you return the car. In addition, be wary of using hotel business centers. I am not suggesting that all hotel business center computers are hacked, but I have done forensic examinations on their computers and I was shocked by how much malware, keyloggers (which could collect your password), and other viruses I found.

Do not use the same device for both your work life and your personal life, when possible

We used to keep our work and personal life separate, but now we use the same digital devices, such as smart phones and tablets, to connect to both. This causes some inherent risks to your businesses IP. No longer does an attacker have to try to break through your corporate firewall, because they just have to attack the lowest hanging fruit, such as the smartphones or social media that your employees or clients use to interface with your corporate network and business.