Objective: Mobile IT devices (e.g. notebooks, tablets, smartphones) and mobile data storage devices (e.g. SD cards, hard drives) are generally used not only on the premises of an organization, but also off-site while travelling or working remotely. This brings an increased risk of, for example, loss or theft.
Requirements (must): The requirements for mobile IT devices and mobile data storage devices are determined and fulfilled. The following aspects are considered:
- Encryption,
- Access protection (e.g. PIN, password),
- Marking (also considering requirements for use in the presence of customers).
Requirements (should): Registration of the IT devices.
Users are informed of the lack of data protection on mobile devices.
Laptops are protected by full-disk encryption.
There are separate instructions for staff on the use of mobile devices. The instructions cover:
An endpoint security management system can be used to require the desired security criteria of devices before they are allowed to connect to network resources. Devices can be laptops, smartphones, tablets or industry-specific hardware.
Criteria for the use of network resources may include, for example, an approved operating system, VPN and antivirus software, and how recently these have been updated.
Mobile Device Management (MDM) helps secure and manage staff mobile devices, whether they are iPhones, iPads, Android devices or Windows devices. For example, a Microsoft 365 subscription includes basic mobile device management.
A mobile device management system can be used, for example, to configure device security policies, wipe devices remotely and obtain accurate device usage reporting.
The security policies defined in the mobile device management system aim to protect the organization's data. For example, to reduce the risk from lost devices, you can specify that a device is locked after 5 minutes of inactivity, or that it is completely wiped after 3 failed login attempts.
It may make sense to test new policies first with a small group of users. Policies also require oversight. You can initially choose a policy setting that informs the administrator of device settings that violate the policy but does not block access completely.
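As an added illustration (not code from the page or from any MDM product), the following Python script applies the access criteria named above (approved operating system, VPN and antivirus present, recent updates) to a constructed pilot group, first in a report-only mode that alerts the administrator and then in an enforcing mode that blocks non-compliant devices. The approved-OS list, the 30-day update threshold and the device records are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date

# Criteria named in the text; the concrete values are constructed for this example.
APPROVED_OS = {"windows-11", "macos-14", "ios-17", "android-14"}
MAX_UPDATE_AGE_DAYS = 30

@dataclass
class DevicePosture:
    device_id: str
    os: str
    vpn_present: bool
    antivirus_present: bool
    last_update: date

def check_posture(dev: DevicePosture, today: date) -> list[str]:
    """Return the violated criteria; an empty list means the device is compliant."""
    violations = []
    if dev.os not in APPROVED_OS:
        violations.append(f"operating system '{dev.os}' not approved")
    if not dev.vpn_present:
        violations.append("VPN client missing")
    if not dev.antivirus_present:
        violations.append("antivirus missing")
    if (today - dev.last_update).days > MAX_UPDATE_AGE_DAYS:
        violations.append(f"updates older than {MAX_UPDATE_AGE_DAYS} days")
    return violations

def decide_access(dev: DevicePosture, today: date, mode: str) -> dict:
    """'report' mode alerts the administrator but still allows access;
    'enforce' mode additionally blocks non-compliant devices."""
    violations = check_posture(dev, today)
    blocked = bool(violations) and mode == "enforce"
    return {"device": dev.device_id, "access": "block" if blocked else "allow",
            "alert": bool(violations), "violations": violations}

# Constructed sample fleet standing in for a small pilot group.
TODAY = date(2024, 6, 1)
PILOT_FLEET = [
    DevicePosture("LT-001", "windows-11", True, True, date(2024, 5, 20)),
    DevicePosture("LT-002", "windows-10", True, True, date(2024, 5, 25)),  # unapproved OS
    DevicePosture("PH-003", "ios-17", False, True, date(2024, 3, 1)),      # no VPN, stale updates
]

def rollout(devices, today, mode):
    """Evaluate a whole group and summarise how many devices would be alerted on or blocked."""
    decisions = [decide_access(d, today, mode) for d in devices]
    return {"decisions": decisions, "alerts": sum(d["alert"] for d in decisions),
            "blocked": sum(d["access"] == "block" for d in decisions)}
```

Running `rollout(PILOT_FLEET, TODAY, "report")` shows the two violations without blocking anyone, which is the oversight stage described above; switching the mode to `"enforce"` turns the same two findings into blocked connections.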
Portable storage devices include, for example, optical disks (DVDs, Blu-rays), flash cards, USB sticks / thumb drives, SSDs and other external hard drives.
Portable storage devices and physical media that do not allow encryption of data should not be used unless it is unavoidable.
Any use of unencrypted storage media and devices should be clearly documented.
In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.