IT & DATA SECURITY BREACH PREVENTION


A PRACTICAL GUIDE
Part 2: Reducing Mobile, Web and Social Media risks

CONTENTS

MOBILITY: Protecting employees, wherever they’re working
DEVICES: Close the door to malware
WEB AND SOCIAL: Balancing freedom and control

SECURITY CHALLENGES ON THE RISE

As corporate networks increase in complexity, keeping them secure is more challenging. With users connecting to unsecured public networks and social media platforms on both company-owned and personal devices, sensitive data can now be accessed–and lost–from more endpoints than ever before.

This guide is designed to help you protect your business, your employees, and their devices–wherever the web and the work take them.

MOBILITY: PROTECTING EMPLOYEES, WHEREVER THEY’RE WORKING

THE STORY

Thomas needs to make the most of his time. So he uses his tablet to access his emails, as well as client data, when he’s out of the office. He finds himself with a spare twenty minutes between meetings and heads into a café to grab a drink and make some last-minute amends to his presentation. He takes advantage of the free Wi-Fi to send an email to his colleagues to make sure everyone has the latest version.

The file contains information he wouldn’t want shared with his competitors. It doesn’t occur to him that, by sending it over an unsecured network, he could end up doing just that.

1/3 of businesses have experienced lost/stolen mobiles, and 1/4 of these know they lost data as a result.
Source: Kaspersky Lab MDM Infographic

OVERVIEW

With the rise of mobile working, it’s no longer enough to apply security measures to just the hardware you have at the office. And since many employees ‘bring their own device’ (BYOD), it’s not even enough to only protect company-owned devices.

While these working practices bring a range of benefits to the business, they also add extra complexity to your IT environment. And the widespread availability of free, unprotected networks – over which data can be intercepted – only adds to the challenge.

But it’s not one you can ignore. Mobile should be a central part of your overall IT security policy. By being proactive, you can help prevent data loss from sophisticated threats such as malware, and simple mishaps like losing a device.

“Mobile should be a central part of your overall IT security policy.”

PRACTICAL ADVICE

1. If you don’t know about a device, you can’t protect it. Employees need to understand the importance of mobile security and of informing IT about all the devices they use.

2. Using Kaspersky Security for Mobile you can add anti-malware and other mobile security technologies to your devices and, with Mobile Device Management (MDM), you can oversee the administration of all devices in your network. As both mobile security and MDM are part of Kaspersky Endpoint Security for Business, you can integrate mobile security into your overall IT approach without any need for a separate, stand-alone solution.

FACT: On unprotected Wi-Fi networks, all data can be intercepted and data on the screen can be modified. However, 34% of public Wi-Fi users take no specific measures to protect themselves.
Source: Kaspersky Lab BYOD Infographic

TOP TIP: A lost device doesn’t have to mean lost data. You can separate corporate data from the user’s personal information. This sensitive data can then be encrypted, making it impossible to read if the device is stolen. You can then delete the “corporate container” if need be – for example when an employee leaves the company.

TOP TIP: Make sure people understand that corporate data (including email) should only be accessed over a secure network. This doesn’t mean that they can’t make the most of free Wi-Fi – just that they need to use a VPN.

DEVICES: CLOSE THE DOOR TO MALWARE

THE STORY

Thomas has been to a conference. He’s made a number of useful connections and is looking forward to going through some of the information he’s been given on a USB drive.

As soon as he gets back to the office, he takes his MP3 player off charge, plugs in the USB drive, and uploads the files onto the network.

With his mind firmly fixed on the opportunities that might come from the day’s conversations, he doesn’t stop to think what else might be contained in the files, and he clicks “open”.

Removable media such as USBs and SD cards account for 30% of malware infections.
Source: Kaspersky Lab Blog

OVERVIEW

Just as URLs, files and attachments can be used to transmit malware, so can physical devices. Unless you check before opening, there’s no way of knowing what a USB drive might contain. Even if it’s company branded, that doesn’t necessarily mean it’s safe.

And it’s not just USB drives that pose a problem. Any device that’s been in contact with an unknown network could be infected. So, even if Thomas’s USB drive is clean, the MP3 player he was charging could also pose a risk. In fact, removable media such as USBs and SD cards account for 30% of malware infections.

Again, there are automated steps you can take that will prevent your employees from doing risky things. But if they’re also knowledgeable enough to exercise an appropriate level of caution, you can dramatically reduce the chances of malware finding its way into your network.

PRACTICAL ADVICE

1. Make sure employees check external devices and drives before using them, even if they think the source is trustworthy. Disabling auto-run can help and means they only open files they choose to.

2. Encourage employees to apply this same thinking to their personal devices, too. For example, if they notice their smartphone is malfunctioning or suspect it might be infected with malware, they should know not to connect it to their laptop.

3. Using Kaspersky Endpoint Security for Business’s Device Control feature, you can specify the device types that can connect to your network, and what they can do.

4. With the Application Control feature, you can block malicious programs on a device, even if they’re opened.

TOP TIP: Set your anti-malware to automatically scan all devices and, based on the employee’s needs, block any device types that are unnecessary.

The Stuxnet virus was initially delivered via USB to Iranian nuclear facilities, eventually spreading to Russian facilities in the same way. Malware has even made it to the International Space Station.
Source: Kaspersky Stuxnet press release

WEB AND SOCIAL: WHAT CONTROLLED ACCESS LOOKS LIKE

THE STORY

On her lunch break, Maria takes a moment to check Facebook. She scrolls down her newsfeed and sees an interesting looking link. The article isn’t what she was expecting so she shuts it down. The phone rings, she logs off and gets back to work.

Unfortunately the site in question launched a drive-by attack, and as she hadn’t updated her browser since getting her laptop, she didn’t get any warning that the site seemed suspicious. She had both her work and personal email up, and both have now been scanned by the malware, compromising important financial information.

Social media use is ubiquitous and spreads across devices.
38% of social media users access sites through smartphones
Source: Kaspersky Lab Social Network Infographic

OVERVIEW

Much like BYOD, social media sites are another example of how intermingling our professional and private lives can have serious repercussions for online security. As well as being an opportunity for the spread of malware, they can help criminals collect information about potential targets.

It’s important for employees to understand that, even if their browsing is personal, the risks can affect the entire company. By encouraging the right behaviours, you can implement a policy that keeps your network and data safe without impinging on the quality of employees’ work life.

23% of social media users access sites through tablets
66% of social media users access sites through computers

PRACTICAL ADVICE

1. Tell employees they need to check the origin of anything they download and to hover over links to check that the URL matches the anchor text, especially if the site they lead to is unknown or untrusted.

2. Make sure your policy covers employee conduct on social media sites. They should never share sensitive information, whether it’s business related or personal, and they need to take responsibility for screening their contacts.

3. If sites are simply if it’s inappropriate for work, it should be excluded from the browsing policy. Using Kaspersky Endpoint Security for Business’s Web Control functionality, you can use preset or customized databases to blacklist categories of websites that shouldn’t be visited.

4. It can be difficult to spot some of the more subtle deceptions used to spread malware. Kaspersky Systems Management, which includes patch management, can help you ensure employees are using updated versions of their browser, reducing the risk of them running into trouble.

The top three social media phishing targets are:
56% Facebook
8% Twitter
3% Pinterest
Source: Kaspersky Lab Social Network Infographic

TOP TIP: Kaspersky Endpoint Security for Business has pre-built, customizable blacklists you can use to ban sites by type. As you can split users into groups, restrictions don’t have to be company wide. For instance, if the marketing team needs to use Facebook for work purposes, you can make it accessible to those employees but block access for the rest of the company.

SUMMARY

Providing your business with the best protection possible requires a mixture of enforcement and education. Employees have more freedom than ever before – and that means they need to take more responsibility for their own safety than they may have done in the past.

That said, there’s a lot you can do to eliminate opportunities for risky behavior altogether. And if you also have the tools to put your policies into practice quickly and easily, then you can spend less time reacting to problems and more time looking at the bigger picture, anticipating dangers and putting preventative measures in place before issues arise.

And that’s really the most important thing – to be proactive. You already understand the threats you’re facing. Now, using the advice in this guide, you can take practical steps to protect your business.


ABOUT KASPERSKY LAB

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users.* Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.

Call Kaspersky Lab today at 866-563-3099 or email us at corporatesales@kaspersky.com, to learn more about Kaspersky Endpoint Security for Business.
www.kaspersky.com/business

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report “Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares” (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.

© 2015 Kaspersky Lab ZAO. All rights reserved. Registered trademarks and service marks are the property of their respective owners.
