2. Securing
your mobile success
It’s time to STOP thinking about security as a reason to say
‘no’ and START thinking about it as a reason to say ‘yes’.
Advances in technology and mobility come at In this guide you’ll find 15 practical tips,
us fast and furiously. Successful businesses will suggestions and ideas you can implement right
embrace the technologies that spur growth but now to help secure your business. If you want to
also remain aware of potential risks and have a dig deeper, we offer links to many other sources of
plan to deal with them. inspiration.
It starts with understanding the many available Dive in now for ideas on how to securely harness
security features and tools on the market. This will the power of mobility.
help you make better decisions about the wireless
technologies that are best for your business.
A GUIDE TO SECURING YOUR BUSINESS 2
3. 15 ways
to Secure Your business
Practical Business Security Advice
1. What’s Your Organization’s Mobile Security IQ? »
2. Get Educated: Learn from Other Businesses »
3. Kickstart a New IT Risk Attitude »
Device, App & Network Tips
4. Discover Built-in BlackBerry Defenses »
5. Beyond Pass-code Lock: Keeping Your iPhone and Data Safe »
6. Is Android Secure Enough for Business? »
7. Master Mobile Device Management »
8. Securing Personal Devices at Work »
9. Do You Know Where Those Apps Go? »
10. Hit the Road Jack: Mobile Computing Made Safe »
11. Shut Out Hackers: Secure Your Wireless Wi-Fi Network »
12. Make Network Downtime a Thing of the Past »
Emerging Technology Tips
13. Securing the Cloud »
14. I Spy: Monitoring Your Business from Afar »
15. Protecting against Emerging Threats »
A GUIDE TO SECURING YOUR BUSINESS 3
4. 1
What’s Your Organization’s
Mobile Security IQ?
How does your business rank when
it comes to proactive security?
Don’t Assume Your Business is Secure. Find Out For Sure.
Why It matters
Assessing the security risk of the technology, processes and people
that support your business is the first step in securing your business.
Self assessment tools, like the ones to the right, are easy, fast and
typically free. So why not start now?
What It Can Do For Your Business
Identify security risks and monitor your
• Help you evaluate where your business stands and give you ideas
ability to respond to threats in your
on how to mitigate future risk. computing environment with
Microsoft’s Security Assessment Tool.
• Identify the greatest risks to your business and prioritize which to
tackle first.
• Create a “wake-up call” for your leadership team on risks and priorities.
3 THINGS YOU CAN DO NOW
1. Take the quiz. No matter what your score, you’ll find opportunity
for improvement or reinforcement of what to keep doing.
2. Share the results with your staff to educate them on risks.
3. Build awareness with your leadership team. Share your scores,
including how you fared on existing security measures, to help get Find out how well your business is
buy-in for future security proposals. protecting personal information and
how compliant you are with mandatory
regulations with this self assessment tool
from the Office of the Privacy
Commissioner of Canada.
A GUIDE TO SECURING YOUR BUSINESS 4
5. 2
Get Educated:
Learn from Other Businesses
What are successful companies
doing to protect their business?
Get security survey highlights and practical mobile advice.
Why It matters
Smart companies are becoming more proactive about security, deploying
security processes and security tools to protect their business and gain a
competitive edge. Learn from them in the latest security research.
What It Can Do For Your Business
• Fuel change – security best practices from other businesses can Get highlights from the 2010 CIO
Security Survey and practical mobile
help motivate your leadership team to act now. security tips with this webinar from IT
• Keep you focused on what matters – figure out where to focus World Canada.
your efforts and how to prioritize security initiatives.
Read this white paper
• Secure your business faster with practical ideas from companies for a realistic vision of
like yours. how mobile security
needs to be considered
to help businesses grow
3 THINGS YOU CAN DO NOW
1. Read free annual security reports – Take a look back at the past
year and ahead to the threats we can expect. Access a full list of
free reports from security companies, publishing organizations and Deep dive into security
best practices with the
IT research businesses here.
2012 Global State of
2. Subscribe to free ongoing security news e-blasts or blog posts – Information Security
Survey® from Price
Stay on top of the latest threats with expert advice from IT publishing
Waterhouse Coopers.
companies like IT World Canada, Tech Republic or CNET.
3. Be part of the conversation – Security is a hot topic. Now is the
time to reach out to your network of tech colleagues or attend a
mobile tech security event for advice.
A GUIDE TO SECURING YOUR BUSINESS 5
6. 3
Kickstart a New IT Risk Attitude
Your employees: responsible risk takers or data daredevils?
Bring risk management out of the IT department and into everyone’s job.
Why It matters
Human error is the primary cause for security breaches in business
today, yet most organizations provide little on-going security
education to non-IT staff. With the rest of the company thinking
risk and security is IT’s responsibility, it’s wise to consider making risk
Find out how to make risk
management everyone’s job. management more personal in your
business with this blog post.
What It Can Do For Your Business
• Significantly increase the level of security in your business.
• Build a culture of security and responsibility.
• Help your business be more proactive in new technology decisions.
3 THINGS YOU CAN DO NOW
1. Make all employees risk managers. Add accountability for risk
management to performance goals for everyone across the company.
Learn about what global IT managers and
2. Build a comprehensive communication plan that teaches CIOs are doing to better mitigate risk with
this Global Risk Study from IBM.
employees about emerging threats, security policies, and
best practices.
3. Commit to ongoing risk management training.
The lack of end-user training is a growing threat to IT security. Want More?
Get tips on how to help employees
understand data risk management here »
A GUIDE TO SECURING YOUR BUSINESS 6
7. 4
Discover Built-in
BlackBerry Defenses
Your BlackBerry smartphone is a security powerhouse.
Are you harnessing its power for good?
Get BlackBerry security tips and tricks straight from the pros.
Why It matters
Over the last decade, RIM has built a sound reputation on the strength
of its security features. This has much to do with Business Enterprise
(BES) software. But even the best software doesn’t protect against
®
uninformed or negligent BlackBerry users. Implementing a few quick
and easy safeguards can go a long way in securing your devices and
the information on them.
Check out this webinar to find out more
about BlackBerry built-in security tools.
®
What It Can Do For Your Business
• Protect against unwanted applications and malware.
• Manage multiple devices on RIM’s stable and secure
operating system.
Want More?
• Protect your sensitive data no matter how it’s accessed. Check out the BlackBerry security
®
knowledge base for a wealth of
information on all aspects of security
3 THINGS YOU CAN DO NOW for BlackBerry devices.
®
1. Set a password policy with a minimum length of 5 characters and
Get 5 tips from CIO.com to keep your
a maximum of 10 password tries before automatic device self wipe. BlackBerry smartphone safe here.
®
Click here to find out how to add a password to your smartphones.
2. Encrypt data stored on your device and/or your microSD media
card in four simple steps. Click here to find out how.
3. Wipe devices before they are passed on to another employee. Go to
the options menu on the device, select security, then security wipe.
It will ask you to type in BlackBerry to complete the wipe.
A GUIDE TO SECURING YOUR BUSINESS 7
8. 5
Beyond Pass-Code Lock:
Keeping Your iPhone and Data Safe
Have you thought beyond the basics?
Learn how to keep information secure on business iPHONES.
Why It matters
Apple has polished the business features of its operating system with
security that stretches well beyond pass-code locks. From Exchange and
remote wipe support, security and configuration to VPN options and
encryption, Apple users can now keep their iPhones and the data they
®
access safe.
Hear what Apple has to say
What It Can Do For Your Business about iPhone security in this
®
on-demand webinar.
• Provide a layered approach to keeping your information secure
with device policies, restrictions and encryption.
• Protect all data stored on devices with hardware encryption.
• Clear data and settings remotely in the event of loss or theft.
3 THINGS YOU CAN DO NOW
1. Manage iPhone through a central console. Set up accounts,
®
set restrictions, and configure devices quickly and remotely using
a third-party console for mobile device management. Click here to
find out how. Get informed: everything you want
to know about Apple’s security
2. Set up VPN access and teach your employees how to turn it on, features for iPhone here.
®
so you can communicate private information securely over a public
network. Get help on setting up VPN here.
3. Get a security app. Security apps can add another layer of protection
for business, from biometric security apps that authenticate users with Want More?
the touch of a finger, to alarms that protect your device from Get more security tips on how to secure
theft or loss. your data from Apple here.
A GUIDE TO SECURING YOUR BUSINESS 8
9. 6
Is Android Secure Enough
for Business?
Did you know the latest Android devices are
packed with better security features?
Get better control and security over personal and business devices.
Why It matters
Why should you care about Android ? Employees are increasingly opting to
™
bring their personal devices to work. Android , Google’s operating system that
™
powers many of the world’s smartphones, gives you the ability to manage and
secure a good portion of these devices from one simple operating system.
Get security advice straight from Android™
in this on-demand webinar webinar here.
What It Can Do For Your Business
• Better control over personal and business mobile devices at work.
• Access to a universe of third-party security solution providers who Get informed:
can quickly custom build secure apps for your business on 5 things you
Android’s open platform. should know
about Android ™
• Set-up, configure and perform frequent security updates with for business.
relatively little effort using auto-discovery features.
3 THINGS YOU CAN DO NOW
1. Stop saying ‘no’ to personal devices. The last thing you want is
Want More?
a rogue experience at your company. An informed IT department is
the best way to ensure your business is secure. Get advice on how Learn 6 ways to protect your Google
phone here.
to manage personal devices at work here.
Check out this essential guide to Android ™
2. Adopt mobile device management (MDM). This is a critical part at work for business users here.
of managing the plethora of Android devices, so take the time to
™
Get 10 tips to turn Android into a
™
chose features wisely. Get MDM advice here. business phone here.
3. Use Google apps to manage Android security policies.
Google Apps Device Policy Administration can help you enforce
policies and remotely wipe lost or stolen devices.
A GUIDE TO SECURING YOUR BUSINESS 9
10. 7
Master Mobile Device Management
Are you managing mobile technology on the fly?
Centralize your control. Minimize the risk.
Why It matters
Find out how mobile
Many businesses have a myriad of devices and operating systems accessing device management
can benefit your
company data. How prepared are you to manage yours? Mobile device
business with this
management (MDM) tools are quickly becoming a must-have. Not only can white paper
from Juniper and
they help centralize the control, security and costs of these devices, but they
Enterprise Strategy
can also minimize the time spent on maintenance. Group.
What It Can Do For Your Business
This e-book is chock
• Manage assets, inventory management, software licenses, security full of juicy discussions
controls, and more. on the latest trends in
mobility. Topics covered
• Quickly authenticate your staff, regardless of their device. include mobile device
• Speed up device and software deployment and reduce downtime by management and app
development. Skip to
diagnosing and fixing problems remotely. page 70 for specific
advice on device
management tools.
3 THINGS YOU CAN DO NOW
1. Prioritize mobile device security and management needs. Figure 6,
page 7 of Juniper’s whitepaper has a great list to get you started.
2. Choose an integrated MDM solution instead of many individual
tools. Ideally it should integrate with network access controls, support
all popular devices and cover the full life cycle of devices. Check out
these MDM players: Juniper, MobileIron and Trellia.
3. Mean what you say: enforce policy. Monitor device usage, limiting or
removing privileges where necessary, and blocking insecure sites or networks.
A GUIDE TO SECURING YOUR BUSINESS 10
11. 8 Securing Personal Devices at Work
Is it time for a Bring Your Own Device (BYOD) policy
for your business?
Give your team the tools they need to securely access corporate data
from personal smartphones or tablets.
Why It matters
Today’s workers are bringing their own personal smartphones, tablets and
laptops to the office for both personal and professional use. Many businesses
have accepted this reality and are creating strategies that offer employees more
freedom in exchange for a higher level of personal accountability.
What It Can Do For Your Business
• Keep employees happy and productive while reducing cost of
ownership for devices.
Find out how your business can capitalize
• Support telecommuters and create a more flexible work on BYOD in this webcast and white paper
environment from Unisys.
• Reduce unauthorized access to company data from staff-owned devices.
3 THINGS YOU CAN DO NOW Want More?
Get tips from Unisys on developing a
1. Set clear expectations and policies. Be clear about which
BYOD policy here.
personal mobile devices are allowed in the workplace and how
7 questions you should answer before you
you expect staff to keep these devices safe (managing passwords, implement BYOD at your company. Sybase.
using only sanctioned apps etc.).
See how smart companies are letting
2. Invest in a mobile device management solution. Retain control employees use their personal gadgets to
and visibility over all devices from a central platform, installing do their jobs. Wall Street Journal.
software that creates walls between corporate and personal data
and enables data blocking or wiping.
3. Revisit reimbursed policies. Some companies are moving to a
shared-responsibility model, implementing optional BYOD policies
and supporting them with grants, stipends, and loans.
A GUIDE TO SECURING YOUR BUSINESS 11
12. 9
Do You Know
Where Those Apps Go?
Got the latest must-have business app?
How do you stop it from accessing off-limit data?
Make sure to include apps as part of your regular mobile security check.
Why It matters
Apps can pack a lot of power into your pocket. Before inviting them in, make
sure you know the full capabilities of these programs, including the amount
of information they take from your employees’ devices. Including apps as part Find out how mobile apps access personal
data and explore security with this report
of your regular mobile security check can help keep your business safe. from Lookout Security.
What It Can Do For Your Business
• Prevent staff from unintentionally exposing your network and
devices to viruses and hackers.
• Limit the downloading of malicious, pirated or repackaged
applications from unofficial websites.
• Ensure that apps on business-used devices are not accessing
sensitive business data without your permission or knowledge.
Watch this video from No Panic Computing
to learn how to change Facebook privacy
3 THINGS YOU CAN DO NOW settings to stop it from accessing employee
information.
1. Say ‘no’ to app permissions. Did you know nearly one third of
apps in major apps stores access users’ locations? And an increasing
number also access contacts? Make sure users know when to say ‘no’
to apps that are requesting this kind of information access.
2. Create a pool of approved apps. Define app download policies
and make sure users only download (and update) approved software.
3. Use application access control software. Not all apps are what they
seem. These tools look at how your device is behaving and, if it sees
something suspicious, quarantines and even remote wipes it.
A GUIDE TO SECURING YOUR BUSINESS 12
13. 10
Hit the Road Jack:
Mobile Computing Made Safe
A few simple changes to the way you use mobile computers
can go a long way in protecting your business.
Protect your mobile devices and the information they access from theft.
Why It matters
Your business is contained on your employees’ laptops, notebooks and
tablets, yet the increasing complexity of technology, connectivity, security
and confidentiality creates unprecedented risk. Whenever sensitive
data is stored outside firewalls or accessed through Wi-Fi and remote
networks, it’s smart to take added security measures to minimize risk.
What It Can Do For Your Business Get tips on how to make mobile
computing safe in this on-demand
• Help employees work safely from home or on the road. webcast.
• Protect your business from theft of intellectual property or
valuable devices. Mobile Computing Video Tips
from No Panic Computing
• Limit access to important data to the intended user.
Tip 1: Learn
how biometrics,
3 THINGS YOU CAN DO NOW passwords and
encryption can
1. Save or backup documents to a shared network drive or the protect your laptops
cloud, not a hard drive. Protect important files from computer and tablets here.
crashes and laptop losses.
Tip 2: Learn how
2. Encrypt Microsoft Word docs. Encrypting a document is as
®
to identify phishing
simple as right clicking and selecting “encrypt”. Why not enforce scams with this
video from No Panic
encryption? Computing here.
3. Advise employees of simple do’s and don’ts. Don’t leave it in a car,
do carry it in a backpack, don’t fall for common phishing scams. Tip 3: Learn how
to avoid a common
security threat for
Windows XP here.
A GUIDE TO SECURING YOUR BUSINESS 13
14. 11
Shut Out Hackers:
Secure Your Wireless Network
Are you underestimating the security of your Wi-Fi network?
Hackers love to penetrate networks. Make sure yours is secure.
Why It matters
To protect your business, it’s important to keep outsiders from accessing Get quick tips on
your Wi-Fi network. Don’t hold off on protecting your network; hackers are working wirelessly,
both in and out of
increasingly focusing on small- and medium-sized businesses. Fortunately, there the office.
are simple, low-effort things you can do now to improve network security.
What It Can Do For Your Business
• Protect your network from disruption, which can jeopardize
confidential customer data, interfere with supply chain activities
and result in lost revenue.
• Keep your business compliant with Canadian privacy regulations
such as PIPEDA.
• Give your mobile staff a secure way to access your network from public Learn from Cisco in this video: What
hotspots when travelling. are Bots, Viruses, Malware, Spyware?
3 THINGS YOU CAN DO NOW 7 considerations
for your wireless
1. Change wireless router default settings and stop network for you
to think about,
broadcasting your Network ID. Click here to find out how. courtesy of Focus
2. Minimize signal leakage. Move your router to the middle of the Research.
office and turn it off if not in use for long periods of time.
3. Invest in a virtual private network (VPN) so that mobile workers
can securely connect to your network from public Wi-Fi hotspots Want More?
while on the road. Click here for more information on VPN
Click here for a quick lesson on Wi-Fi
security with this free online class from
Hewlett-Packard.
A GUIDE TO SECURING YOUR BUSINESS 14
15. 12
Make Network Downtime
a Thing of the Past
How much revenue do you lose during Internet outages?
What’s the impact to your reputation if your
POS system goes down?
Keep your business up and running when your primary network goes down.
Why It matters
How much is
Downtime for critical systems can mean huge revenue and productivity network downtime
losses and impact your reputation. It pays to have a back-up plan when costing your
business? Find out
your primary access to the Internet goes down. Wireless technology can with our Point of
help keep your business up and running. Sale ROI calculator
and see how much
you save with a
What It Can Do For Your Business secure wireless back
up plan in place.
• Ensure continuous up-time for transactions, communications,
enterprise applications and other critical systems.
• Keep your business running during disease outbreaks, inclement Find out how
Blinds To Go
weather, or natural disasters. addressed their
need for a failover
• Protect your reputation, customer confidence and employee morale.
solution for their
POS systems.
3 THINGS YOU CAN DO NOW
1. Identify mission critical systems. Understanding which systems
require 100% uptime is the first step in building a back-up plan.
2. Find out how much network downtime is really costing your
business. Self assessment tools can help you quantify how much
downtime is costing your business so you can build the business
case for a back-up network access solution.
See how Critical Network Access
3. Choose a back-up solution that includes network and carrier can help your business
diversity. Backing up a main wireline connection with wireless network
access from another carrier significantly reduces your vulnerability.
A GUIDE TO SECURING YOUR BUSINESS 15
16. 13
Securing the Cloud
Are you considering putting services in the cloud?
Think about how to protect your data BEFORE you move it to the cloud.
Why It matters
Check out this IT
Cloud computing delivers on-demand, scalable resources accessible World Canada white
from just about anywhere, through the Internet. Before moving aspects paper which examines
Canadian companies and
of your business to the cloud, it’s a good idea to think about how to who is moving to the
keep your data secure once it’s there. cloud – as well as when
and why.
What It Can Do For Your Business
Get insights from Price
• Access the latest technology to stay agile and able to adapt to Waterhouse Coopers on
changing business environments and security threats. different cloud models
and how to secure them
• Deliver on-demand self-service to employees without the risk. in this white paper.
• Expand what your company does and who you collaborate with.
3 THINGS YOU CAN DO NOW
1. Classify data based on how critical it is to your business. Before Check out this webcast
from www.techrepublic.
you decide what data to move to the cloud, consider your risk com which covers the
tolerance and legal or compliance responsibilities. primary considerations
to protect your most
2. Perform due diligence when choosing cloud suppliers. precious assets in the
Get references. Research their audit process. Negotiate a strong cloud.
service level agreement (SLA) that covers roles and responsibilities,
data storage and disposal, and disaster recovery plans.
3. Know where your data is living. If your cloud provider is not
based in your country or province, the servers that store your data
may be subject to the laws of another country. This could make your
business noncompliant with local regulatory requirements or expose
information to authorities in other jurisdictions.
A GUIDE TO SECURING YOUR BUSINESS 16
17. 14
I Spy:
Monitoring Your Business from Afar
M2M: How machines can help you keep an eye on your business.
Remotely monitor and protect staff, fleets and assets
with wirelessly connected machines.
Why It matters
Find out how
You’ve probably heard the term machine-to-machine (M2M) being tossed Pita Pit used video
around with increasing frequency over the last year or two. These services surveillance to address
an outbreak of inventory
let you remotely monitor and protect your fleet, assets and staff from your and cashier-related
smartphone or tablet, using wirelessly connected devices. shrinkage at their stores.
What It Can Do For Your Business
• Secure multiple warehouses, sites, vehicles, buildings or stores. See how Highway
Technical Engineering
• Reduce theft: know where your inventory, freight and assets are Services monitors its
at all times. fleet and keeps mobile
workers safe.
• Keep remote workers safe and connected to security response teams.
3 THINGS YOU CAN DO NOW Explore how
1. Connect your on-premise surveillance cameras to a mobile app M2M can help
you remotely
to monitor you business from anywhere. See how Pita Pit used monitor and
video surveillance to reduce shrinkage here. secure your
business.
2. Install fleet tracking systems in your vehicles to better track
your valuable assets. See how Highway Technical Engineering
Services monitors its fleet and keeps mobile workers safe here.
3. Provide connected devices to field workers in hazardous
conditions to monitor their safety. Check out vendors like
BlackLine GPS, Tsunami Solutions and Mentor Engineering.
A GUIDE TO SECURING YOUR BUSINESS 17
18. 15
Protecting Against Emerging Threats
What impact do social media networks, online games
or software have on security?
Keep in mind THAT emerging threats can from both within
and outside of your organization.
Why It matters
Although mobile malware is still in its early days, it’s smart to be aware
Learn about emerging
of emerging threats and the ways to defend against them. Look ahead, threats and how they
keep informed and protect against the leaking of sensitive information to are impacting businesses
here.
the public by employees. Prevent external scams delivered through social
media sites or repackaged games or software.
What It Can Do For Your Business
Get a view of what’s
• Keep employees alert and prepared for the latest threats and hitting the top 5
educated on acceptable behaviour. cybercrimes and scams
today here.
• Keep networks and business devices safe from the latest
cybercriminal threats.
• Increase the confidence of your customers, partners and staff
in the security of their data. Get informed
commentary
on emerging
3 THINGS YOU CAN DO NOW trends in attacks,
malicious code
1. Create a policy to set expectations for social media users. activity, phishing,
and spam here.
With social media malware on the rise, shaping user behaviour and
increasing governance for social network use is a smart choice.
2. Install anti-malware software regularly. With the increasing
speed of malware changes and distribution, it’s important to
make sure anti-malware software on all business mobile devices is Want More?
updated regularly. Learn about the social media sites, and
hear what small and medium sized
3. Consider data loss prevention tools. Prevent inadvertent or businesses are doing to protect against
intentional exposure of sensitive business information by identifying emerging threats here.
critical content then tracking and blocking it from being moved.
A GUIDE TO SECURING YOUR BUSINESS 18