Nearly half of businesses (45%) say that staff regularly use their own devices for work tasks. But with most employers still handing over a new laptop or mobile phone to new employees, employers need to keep these devices secure from cyber attacks.
It’s important that any device you hand over has some key security barriers in place. Cyber Security: New Device Checklist for Employers will help your business improve its resilience to cybercrime and ensure your employees stay secure working in the office or remotely.
Tick off the basics with new/current employees who receive a new mobile phone, laptop or tablet. When talking to staff about new devices, remember to consider where the device is being used and if your employees know the cyber security risks when working online.
Cyber Security Guidance for Laptops and Desktop PCs
- Asset management - Ensure you’ve recorded the following
- Ensure firewalls and anti-virus software are enabled
- Where possible, configure the built-in firewalls on devices to use the strictest settings that do not interrupt the usage of the device
- Ensure relevant updates for the operating system and applications are installed. It’s recommended that automatic updates are enabled
- Make sure that physical and digital files are encrypted and that a daily or weekly file backup is in place
- Restrict the use and downloading of applications which aren’t specific to their job role - installing applications should only be carried out by an Administrator
- Ensure the user profiles are set up with the correct permission levels
- Review plugin device settings to ensure they are secure
Cyber Security Guidance for Phones & Tablets
- Ensure that all accounts have Two-Factor Authentication (2FA) enabled and that staff are using strong passwords - ideally, 2FA will be implemented through an Authenticator Application such as Google Authenticator or equivalent
- Promote the use of a password manager to keep passwords secure and encrypted - password managers also offer the ability to generate strong, unique passwords for each of your accounts
- Ensure employees are making use of strong passcodes and Face ID
- Ensure application updates are set as ‘Auto-update’
- Review all applications - if you want to restrict what employees can download, this should be covered in your company’s Device/Security Policy
- Review the location settings - set up ‘Find my iPhone’
Tips for when you're in the office
- Offline/Cloud backups - ensure that devices are backed up on a regular basis, either daily or weekly. This can be done to a cloud provider or manually using a storage device
- Security Policies - Ensure your staff review all of your company’s security policies. This may include a general Cyber Security Policy, Working from Home Policy, Acceptable Usage Policy, Updates Policy & Password Policy
Tips for when you're working remotely
- VPN - ensure a paid VPN is in use when working remotely. This will keep your IP Address secure, and data safe and encrypted should you be required to connect to public WiFi
- Wi-Fi security - when the use of public WiFi cannot be avoided, follow these tips:
  - Always ensure that you use a unique email address AND password if you are required to sign up for public WiFi
  - Review the web address (URL) of any website you visit/use, ensuring that it is legitimate and where you expect to be
  - Review and ensure each website you visit uses HTTPS by checking for the padlock icon on the left-hand side of the web address (URL)
- Screen Protector / Webcam cover / Cases
  - If you work remotely in public places, implement a screen protector with a privacy filter. This will protect you from shoulder-surfing and potentially leaking sensitive information
- Security Awareness Training
  - Security Awareness Training provides simple and practical knowledge for your staff to understand the risks of working online and provides the confidence to challenge something that doesn't look right.
  - Cyber attacks continue to evolve and use more sophisticated attack techniques designed to fool employees. Training your staff will reduce the risk that your business will face data loss, financial fraud, operating time lost or negative PR.
Download your Cyber Security: New Device Checklist for Employers
- Review your employer's security policies - this may include Cyber Security Policy, Working from Home Policy, Acceptable Usage Policy, Updates Policy & Password Policy
- Passwords - Ensure you are using Face ID and passcodes. Don't forget that using a password manager will allow you to save passwords across devices to make life easier.
- Don’t forget to enable two-factor authentication on all your accounts
- Do not use unapproved external devices
- Don’t forget your Backups!
- Set up 'automatic updates' - these will often include security updates.
- Only use approved software or applications - only install software/applications from the official source for your device.
- Don’t use personal accounts - Social Media applications on work devices should be restricted to only those the company uses.
- Worried about Data Exposure? - Check HaveIBeenPwned
- Don’t save financial details - do not use the notes app to store work credit card details or bank information
- Be wary of connecting to public WiFi that does not require you to sign in using a username/password
- Use a VPN when working remotely.
Download your Cyber Security: New Device Checklist for Employees