“They took my phone!” – Cyber Resilience Debate Series - Day 5
18 Oct 2017
It’s the last day of the debate series, our last issue is a hot topic. Border controls have become an increasing concern in terms of Cyber Security. With laws unclear, many border guards around the world have reserved the right to search any electronic device or confiscate them. With that in mind:
What do you feel would be the best way to ensure cyber resilience when staff are travelling for business with company devices, considering any strain that these new processes may place upon other functions within the business.
Share your thoughts, I’m looking forward to chatting with you all more in future!
Who cares ?
That's not meant to be glib, it's an important risk question. For many organizations the loss of a mobile device has minimal impact and should be treated appropriately. In many cases ensuring the default security features on the device are enabled, and that you have a good incident response plan ( that the users know to launch ) to clean up quickly after any loss is enough. Provided your users know to report border patrol search and seizure to your incident response team you could have this risk covered.
What about high profile users, or organizations that work in highly secretive industries ? At this point you get into the detailed risk assessment and the balancing act between user inconvenience and countermeasures. Burner phones, loaner laptops, multi-factor authentication can come into play here. With IOS 8 Apple added a feature called always-on-VPN, it has some advantages for high profile travelling users, but like most countermeasures there are inconvenience and support costs.