Today, to celebrate Data Protection Day, I’ve prepared 3 quick and easy tips&tricks on how to protect your corporate and private data, that you can implement right now. And because at Famoc we’re #ObsessedWithSecurity, I used knowledge gained on my everyday job. If you want your data to be safe and sound, learn what our pros at Famoc do everyday to ensure that they’re protected 😉
You probably already know that IT pros follow a simple success formula for authentication: using something you already know and something you have. To be extra secure, you should also consider something you are and that of course might include your fingerprint, face recognition or voice recognition. While this category and a category of something you know (a password, PIN or a keystroke pattern) are mostly understood and used, the category of something you have is not that easy to follow for many users.
You can use your smartphone as a 2FA, on which the provider sends you a text message with a code to enter along with your password. But is your mobile device secure enough to trust it as an authenticator? Well, all it takes to defeat a 2FA on your phone is a malware that can forward SMS to the attacker or completely erase SMS communication on your phone, enabling the attacker to send you false code.
So what can you use as a something you have if your smartphone is obviously not the best idea? That’s the part the YubiKey comes in. It’s a dedicated security key for reliable login – you can use it to log in to your laptop or phone, as well as to portals supporting this type of authentication (such as Gmail or Facebook). We use YubiKey in Famoc as well – as we always put security first, we decided to better secure logging into company devices, access to company data and even to the office itself by using this handy dongle.
Of course there’s a lot of rules to remember when using 2FA but that’s a whole other story… Although we can’t stress this enough, so remember to at least treat your passwords like your socks – keep them off your desk 😉
Read more about FAMOC & YubiKey integration here and watch a video about how we use YubiKeys in Famoc office.
In many companies, mobile devices and applications are granted access to companies’ information systems. Almost 98% of employees in Poland declares that the smartphone has become their “second computer” and that it’s a device that they use every day at work. Also 91% of corporate employees are using at least one mobile app and according to Pradeo “The mobile threat landscape” report, the most common vector used by cybercriminals to infiltrate mobile devices is… a mobile application! When you also learn that 61% of mobile applications have code vulnerabilities, you don’t have to wonder why cybercriminals seeking sensitive data have shifted their interest toward mobile devices.
As they say – you should know your enemy – and that’s why a clue to better data protection is to first educate yourself about any potential threats. Literally it’s better safe than sorry, so prevent your corporate and private data by eliminating all risks. Also, don’t forget to manage your privacy and permission settings for mobile apps – it’s the best (and the simplest) way to ensure that you’re not giving too much information about yourself that aren’t crucial for an app to work (like your location for a calculator ;)).
Here you’ll find a Pradeo report that I’ve mentioned – “The mobile threat landscape”. It gives a holistic view of the mobile threats currently targeting organizations and end-users, so read it and learn to recognize and avoid any potential attacks. And when you’re already aware of the threats – educate your employees, employer and basically anyone, that may not already know that. After all, behind most data leakages there’s a human factor, an unintended mistake.
Every month, Famoc brings you a new version of FAMOC manage solution. Thanks to that, you always have a possibility to try and use our latest features which improve your mobile devices security.
Recently FAMOC manage 5.4.0 came to live and as always when the new version is out, we’ve conducted a webinar about new features and possibilities. If you missed it, don’t worry – we have a recording!
Of course there’s so much more to do to properly protect your data than just these 3 steps above. You should keep your operating system up to date, consider deploying a VPN instead of using free Wi-Fi connections, use end-to-end encryption and many, many more. I strongly recommend to learn about other tips for securing your data, but what you can do now is to to try these 3 above steps that are easy to deploy but we don’t always remember about them.
Good luck and enjoy Data Protection Day!