Sponsored

Are your business's mobile devices secure enough?

Businesses have never had access to so many mobile devices – nor as many ways to lose sensitive data.

The business world is going increasingly mobile. Laptops have long outsold desktop computers, and by 2015, IDC predicts that sales of tablets will have overtaken desktop PCs, too. For the IT manager this is both a blessing and a curse.

It's a blessing in the sense that staff can work more flexibly than ever before, reading emails on a compact tablet whilst travelling between meetings or using a touchscreen laptop to literally flick through presentations at a client's office; it's a curse because your business data is now stored on more devices than ever before, providing greater opportunity for thieves to get their hands on it. 

Advertisement - Article continues below

That not only carries the risk of financial loss, but of a customer backlash and even regulatory action if your security was found to be inadequate. The Information Commissioner's Office (ICO) routinely fines organisations five- or six-figure sums for data breaches resulting from lost or stolen devices.

Here, we're going to show you how to secure the critical data stored on your mobile Windows devices, and how you can track and remotely wipe devices that have been stolen or mislaid.

Secure sign-in

It goes without saying that employees must be forced to log in to their device with some form of user authentication, whether that be the traditional password, fingerprint reader, smartcard solution or one of the new Windows 8 options aimed at mobile devices.

Advertisement
Advertisement - Article continues below

Many companies deploying PCs, laptops and tablets to their workforce will have a password policy mandated by Group Policy. This, for example, may mean that users are forced to renew their password every 90 days or use a minimum number of characters in their passwords.

Advertisement - Article continues below

Organisations deploying Windows 8 tablet devices may want to review their password policy to ensure it covers new sign-in solutions, such as Picture Passwords, especially on devices without access to a physical keyboard, where entering a strong password could be cumbersome using the onscreen keyboard. Picture Passwords allow users to access the device by tapping or swiping gestures on a digital photo of their choosing. They could, for example, have a photo of their family, and tap on each child in alphabetical order to unlock their device.

According to Microsoft's research, a Picture Password with only three gestures offers equivalent security to a conventional five or six character password, and has the added benefits of being far easier to remember and quicker to enter for users with touchscreen devices.

Windows 8 also introduces the concept of virtual smartcards, where instead of carrying around a physical smartcard, the user's credentials are stored on the laptop's Trusted Platform Module (TPM) chip. Users still have to enter a PIN to access the device, as they would with an ordinary smartcard reader, but should they lose the device, they can contact their IT administrator and have the virtual smartcard revoked immediately, preventing any unauthorised access to the device.

Data encryption

Preventing unauthorised access to a device requires more than a good password policy. Even without the user's password, thieves can still access data on stolen devices by physically removing hard disks or solid-state drives and accessing their contents on another computer unless those drives are encrypted.

Advertisement - Article continues below

There are many third-party encryption solutions available, including those provided by HP and its partners. Windows 7 and 8 both have their own built-in encryption technology, BitLocker, which can be used to protect system drives and external disks that are plugged into the company's PCs.

Advertisement
Advertisement - Article continues below

IT administrators can apply Group Policy to BitLocker to ensure, for example, that employees can't copy data to USB thumb drives without first ensuring the drive is encrypted, preventing one of the most common and costly methods of accidental data loss. Administrators have access to recovery keys, should the user forget their password. BitLocker can also be used in conjunction with other security measures, such as smartcards, to ensure that unauthorised users don't get access to sensitive data.

Tracking and recovering stolen devices

If a device is lost, there's no need to write it off immediately if it's fitted with tracking technology. HP's Tracking and Recovery Service uses a combination of Wi-Fi and GPS receivers (on compatible devices) to locate missing devices. IT administrators can track devices using an online map and view current and historical location data, providing information that could allow the employee/company to retrieve the missing equipment, or provide accurate location data to the police in the event of a suspected theft.

Advertisement - Article continues below

If the device cannot be recovered immediately, HP Tracking and Recovery allows the IT department to remotely wipe the device, ensuring that sensitive data cannot be accessed by thieves. IT administrators can choose to wipe individual files, directories, user data or the entire disk, providing the flexibility to manage the risk of each situation.

Advanced optional features include geofencing, which sends alerts to IT administrators if a company laptop is detected outside of a predefined boundary, such as leaving the office or even the country. This allows companies to react proactively to unauthorised movements, rather than waiting for a theft to be reported.

Tracking and data deletion commands are handled by a software agent installed on each PC. HP recommends that the agent is preloaded within the "Persistence Module" on the BIOS. This ensures that the software agent is restored, even if thieves attempt to delete the software. 

The HP Tracking and Recovery Service is not only useful for anti-theft measures, it can also help with asset management. The agent can collect information on the laptop's hardware and the software installed on the machine, alerting administrators if any unauthorised or unlicensed software is found on the PC.

Advertisement - Article continues below

With all these features combined, companies minimise their risk of suffering from the theft of critical information, have a full audit log to prove to regulators that they took the necessary steps to secure stolen devices, and greatly reduce the risk of fines for unlicensed software being installed on company PCs by employees.

The right balance

With the appropriate security measures in place, there's no reason why companies can't reap the full benefits of the new wave of mobile devices. Touchscreen laptops, tablets and hybrid devices provide all manner of opportunities for employees to find creative new ways of working. Companies need not fear having their sensitive data scattered across a vast range of mobile devices, provided that those devices are secured, encrypted and able to be wiped the moment that something goes wrong.

For more advice on transforming your business, visit HP BusinessNow

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/hardware/laptops/354872/hp-elite-dragonfly-g1-review-an-enterprise-essential
Laptops

HP Elite Dragonfly G1 review: An enterprise essential

29 Apr 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020
Visit/software/video-conferencing/355596/house-of-commons-to-ditch-zoom
video conferencing

House of Commons to ditch Zoom in favour of British alternative

11 May 2020