Never has IT been more exciting than it is today. Computing is available everywhere, at any time, and from a wide variety of devices. Employees can choose to come to an office location, or work from their homes or even from a coffee shop. Cloud and digital transformation have enabled new opportunities to deliver new and high-value information products and services to business.
Unfortunately, the downside of such ubiquitous computing is that it has become the target of so-called “threat actors”. The entire security story makes for scary reading. From network weaknesses, to unprotected endpoint devices such as printers, to mobile devices such as tablets and smartphones and laptops being used to access valuable data, there are many “threat vectors” for hackers to attack.
It may be tempting to think that, if the data resides in the cloud, it is safe from breaches. But what if a stolen laptop has applications on it that are insufficiently protected, and which provide direct access to data in the cloud? According to Check Point Research’s “Cyber Attack Trends – 2018 Mid-Year Report,”
The first half of 2018 has also featured some new and interesting trends. The Cloud infrastructure for instance, has become one of the most attractive targets for threat actors; as the vast amount of sensitive data along with the available computing resources reside of the cloud environment, have easily captivated the attackers’ attention. Tesla’s cloud servers infected with Monero miner earlier this year and a massive leak of sensitive data of FedEx customers are just two examples of what 2018 has brought to us.
Some basic actionable steps to take
Let’s focus, for the purposes of this article, on the laptops distributed throughout the organisation. These may be left in the office 24 hours a day, or taken home, or taken to offsite meetings. They might be used from home several days a week, or even from coffee shops. How secure are they? Are they susceptible to theft? Might they be left on a train, or in the back of an Uber? What steps could you take to protect the laptop, its contents, and its access to applications and data?
Passwords are our first line of defence, whether to access the laptop or to access your finances, credit information and other identities. After many years of discussions about passwords, some people still use simple, easy-to-remember passwords, and/or use the same password for everything. Strong passwords are those that have 12 or more characters which are a mixture of upper and lowercase letters, numbers and other symbols. This can be enforced for corporate logon id passwords by the business.
Further, the business can compel employees to select a new password on a monthly or bi-monthly basis. They should also ensure that the new password hasn’t been used before.
Always enforce timely operating system and other software updates. They often contain security updates in response to the latest attempts to infect computers with viruses and other attacks. It is often simpler to engage with a support organisation, such as Stott Hoare, for device management that helps ensure software updates are rigorously applied.
Former FBI Director, James Comey, and Facebook’s, Mark Zuckerberg, are just two people who have taped over or otherwise covered the camera lens on their laptops. Phishing attacks can install software which can let hackers control the webcam on a laptop – and to turn off the light that indicates the camera is on. Lenovo laptops have a built-in shutter positioned over the webcam lens letting you determine when the webcam is available for use.
Fingerprint readers are available on laptops to provide the ultimate in 2-factor authentication – a strong password and a fingerprint. Lenovo’s fingerprint scanners includes anti-spoofing defence, and software that prevents both a false acceptance rate (falsely reporting a successful match) and a false rejection rate (not recognising a valid match).
Newer Lenovo ThinkPad models are equipped with Mirametrix Glance software, which allows device owners the ability to lock the PC without touching it, through presence, face, eye and gaze sensing, so that no wandering eye can look upon confidential files which may be open on the screen.
When laptops are often left unattended on the desktop during the day or even overnight, a physical lock can be used to tether the laptop to an object that can’t be taken. With Lenovo, this can be either a slot that accommodates a Kensington Lock, or a padlock loop. Of course, best practice should require employees to lock laptops away in a lockable cupboard, out of sight, where possible.
The ultimate in data protection for data stored in a laptop’s hard drive is encryption. Lenovo laptops using Serial ATA hard drives can use Full Disk Encryption (FDE) hard drives. In this case, encryption doesn’t need to be turned on or enabled. FDE drives always encrypt data on the disk.
There are many dimensions to security in the vast and complex world of IT. Recent legislation around data loss, including Data Breach guidelines and GDPR for businesses with customers residing in the EU (or doing business in the EU) make the cost of data loss potentially enormous. Not just in terms of loss of reputation and brand damage but also in terms of fines and penalties.
While information security is a large and complex issue, there are simple things that can be done to protect laptops from theft and from subsequent access to corporate and customer data.
Speak to our specialists about device management, security, and Lenovo ThinkPad devices that can significantly reduce your exposures to device losses and data losses.