SEI Insights

Insider Threat Blog

Real-World Work Combating Insider Threats

Mobile Devices and Other Remote Access (Part 13 of 20: CERT Best Practices to Mitigate Insider Threats Series)

The 13th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 13: Monitor and control remote access from all end points, including mobile devices. In this post, I discuss the importance of having policies and procedures in place that dictate how remote access from end points is monitored and controlled.

The CERT Division announced the public release of the fifth edition of the Common Sense Guide to Mitigating Insider Threats in December 2016. The guide describes 20 practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so. The 13th of the 20 best practices follows.

Practice 13: Monitor and control remote access from all end points, including mobile devices.

Today's organizations are being driven by business deadlines and global partner networks to support remote access to their data and services. This remote access includes not just virtual private networks (VPNs) and tunnels but also mobile devices.

While remote access can greatly enhance employee productivity, remote access to critical data, processes, or information systems must be given with caution. To ensure full protection of critical assets and data, organizations must have a comprehensive, consistent strategy that dictates how remote access and mobile devices should be implemented and used within the organization's infrastructure by its employees, trusted business partners, and guests/visitors. The organization must also have the ability to monitor and detect potential threats that are created by allowing remote access.

Smartphones--because of their capabilities as recording devices, cameras, and storage devices--pose a significant risk to organizations because they make exfiltration of large amounts of data easier than was previously possible through other means. It is crucial that members of senior leadership fully support all aspects of policies related to mobile devices in the workplace. Further, these policies must be fully communicated to employees and applied consistently throughout the organization.

Consider implementing these key practices as part of managing remote access and mobile devices:

  • Regularly review whether employees still require remote access and/or a mobile device.
  • Ensure that all remote access is terminated when employees separate from the organization.
  • Ensure that remote access to the most critical data and functions is at least minimized, ideally blocked.
  • Permit remote access only from devices administered by the organization.
  • Include mobile device use and remote access in organizational risk assessments.
  • Create an inventory of mobile devices, who in the organization uses them, and what the user can access.
  • Monitor and control remote access to the organization's infrastructure.
  • Prohibit devices with cameras in sensitive areas.
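
Several of these practices (terminating access at separation, permitting only organization-administered devices, reviewing access need, and keeping a device inventory) can be checked against remote-access logs. The Python below is an added example, not taken from the Common Sense Guide; the record layouts, field names, the 90-day review interval, and all sample data are assumptions constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data; field names and layouts are assumptions.
HR_ROSTER = {  # user -> separation date (None = still employed)
    "asmith": None,
    "bjones": date(2017, 3, 1),
    "cwu": None,
}
DEVICE_INVENTORY = {  # device id -> (assigned user, administered by the organization?)
    "LT-0012": ("asmith", True),
    "PH-0101": ("cwu", True),
    "LT-0044": ("bjones", True),
}
LAST_ACCESS_REVIEW = {"asmith": date(2017, 2, 15), "cwu": date(2016, 9, 1)}
VPN_SESSIONS = [  # (login time, user, device id)
    ("2017-03-10T08:02:00", "asmith", "LT-0012"),
    ("2017-03-10T23:41:00", "bjones", "LT-0044"),
    ("2017-03-11T09:15:00", "cwu", "HOME-PC"),
    ("2017-03-11T10:30:00", "asmith", "PH-0101"),
]
REVIEW_INTERVAL_DAYS = 90  # assumed policy value


def audit_sessions(sessions, roster, inventory, reviews, max_age=REVIEW_INTERVAL_DAYS):
    """Return (timestamp, user, device, reason) for every policy violation found."""
    findings = []
    for ts, user, device in sessions:
        when = datetime.fromisoformat(ts).date()
        separated = roster.get(user)
        if user not in roster:
            findings.append((ts, user, device, "unknown-user"))
        elif separated is not None and when >= separated:
            findings.append((ts, user, device, "access-after-separation"))
        owner, managed = inventory.get(device, (None, False))
        if not managed:  # also covers devices missing from the inventory
            findings.append((ts, user, device, "unmanaged-device"))
        elif owner != user:
            findings.append((ts, user, device, "device-assigned-to-other-user"))
        reviewed = reviews.get(user)
        if separated is None and user in roster and (
                reviewed is None or (when - reviewed).days > max_age):
            findings.append((ts, user, device, "access-review-overdue"))
    return findings


if __name__ == "__main__":
    for finding in audit_sessions(VPN_SESSIONS, HR_ROSTER, DEVICE_INVENTORY, LAST_ACCESS_REVIEW):
        print(*finding, sep="  ")
```
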

Refer to the complete fifth edition of the Common Sense Guide to Mitigating Insider Threats for a comprehensive understanding of the issues and recommendations mentioned in this post.

Check back next week to read about Practice 14: Establish a baseline of normal behavior for both networks and employees, or subscribe to a feed of the Insider Threat blog to be alerted when a new post is available.

For more information about the CERT Insider Threat Center, see http://www.cert.org/insider-threat/, or contact us at info@sei.cmu.edu.

View other blog posts by Michael C. Hansell.