Welcome to the Networking and Mobile module. Our mobile devices have become extensions of ourselves. Therefore, mobile devices are increasingly becoming more susceptible to attacks. You will either be provided a mobile device if needed, or your organization may have adopted a bring your own device, BYOD policy. Whether personal or company issued, you need to be aware of the risks to corporate data that a mobile device poses to your organization. If you use a mobile device to access corporate data, you should fully familiarize yourself with organizational policies around mobile devices. Your IT, or security team, has likely implemented security measures such as password locks and remote wipe. But, you're ultimately responsible for the security of your own mobile device. We have provided some tips for keeping your data secure. Keep devices on you whenever possible and always keep them within sight. Never leave your mobile devices in plain sight, in a car or hotel room. Use caution when loaning your device to others. Turn on the locate my phone option for your cell phone or tablet. Always use a trusted network. Established pins and passwords to login to your mobile devices. Have a strong password, that you change often. Enable data encryption on all your devices when available. Never select stay logged in or use Remember Me options. Never use untrusted USB devices, unless vetted by your IT department. Minimize the sensitive data that you store on your devices. Keep your operating systems up to date and the software patched. Do not download unnecessary apps or untrusted apps from third-parties. Immediately report a stolen or lost device to your IT or security team. Utilize a request to VPN be configured for corporate or Internet access. A virtual private network or VPN, is used to protect your connection to internal resources. A VPN provides for the encryption of data over the public Internet and unsecure networks. This is particularly helpful, if you are frequently connecting via unsecure networks. One caveat with VPNs, is that your organization might only be protecting access to corporate data, leaving your personal files unprotected. In that situation, checking your e-mail or accessing corporate files may be safe. But logging into your bank account or social media accounts, may still be unsecure. If you are a frequent traveler, talk to your organization about VPN services. Many technology service providers have commoditize their services. Employees can quickly subscribe to services at the click of a button. This is empowering to businesses, but is a huge risk area in today's organizations. Online data storage providers such as Box, Dropbox, or OneDrive. Customer relationship management services such as salesforce.com, or Dynamics 365, e-mail services such as Microsoft Office 365 and Google Mail for business. It is also likely you use cloud services on your personal devices. Examples include services such as Apple's iCloud or Facebook. The cloud has allowed organizations to implement services faster, more secure services. Many organizations have embraced everything as a service, while others may have a no cloud policy. Unfortunately, cloud services have introduced a number of new risks to organizations. There are many things that should be considered before adopting a new cloud service, and staff should understand their role in protecting data in these services. Every member of the staff, plays a role in safeguarding the company's data in the cloud. This is achieved by staff understanding and following company policy for information and resources. Staff should not use personal cloud services such as Dropbox or Google Drive, for corporate data. In addition, you should never share your username or password with anyone for any reason. Lastly, you should use strong passwords and multifactor authentication, when using cloud services for personal and corporate accounts. Shadow IT, describes when an employee installs applications and services without the explicit approval from the organization. The cloud has made shadow IT easier. User friendliness paired with ease of access and short-time devalue, has caused on approved cloud services to run rampant across organizations. Employees often practice shadow IT without even realizing they're doing it. Employees will use cloud-based applications such as Evernote or Dropbox, to share files or notes in a pinch. Although, they may not be approved by company policy. This creates a challenge for IT teams, because they can't protect data in places they are unaware data exists. Furthermore, some cloud providers are more secure than others. Staff members who have purchasing authority, should never invest in cloud services without contacting IT and legal for approval. The seemingly quick gains made by using cloud services, could be quickly negated if it puts the organization at risk. Let's have a quick review of what we learned in this presentation. Due to the rapid growth of the Internet and all the devices and networks connected to it, there are often weaknesses in our online security. We learned that wired connections are always more secure than wireless connections. By increasing your knowledge about wireless networks, you can be safer in your online activity at work and at home. There's a high risk if you connect your fitness tracker or cell phone to accompany computer, as it can potentially expose your company to a virus or malware. You should also be wary of using publicly accessible Wi-Fi connections. If you must connect via public Wi-Fi, take steps to protect yourself. If you're a frequent traveler, you should invest in a mobile hotspot from your cellular provider, for the best secure connection. Lastly, we learned that cloud-based services can be very convenient, but can also open your company to risks. Therefore, you should always work with the security or IT department before installing any outside software or cloud services on your company devices. You have now concluded this lesson.
