Beyond location, employees need to be aware that changes in business relationships on LinkedIn may reveal something interesting (and very confidential) about the business. If someone in the Mergers and Acquisitions Department suddenly adds five people as contacts from a smaller company through LinkedIn it could indicate a relationship.
Finally, employees also need to be aware that anything they post publically might be used against them to add credibility to a phishing email. The growing personalization of email attacks makes it harder to differentiate a real email from a fake. Employees need to be educated about the risks and be exceptionally cautious with emails that ask them to send sensitive information to addresses outside the company.
Tip 8: Set up remote wipe for mobile devices
What happens when an employee reports a mobile device is missing? In most cases, data contained in the device is much more important (and valuable) than the device itself, especially when it comes to corporate information. Most smart phones support remote wipe. By setting up remote wipe on corporate-issued devices (and if possible, on employee-owned devices that are allowed to access corporate email) you're taking insurance against theft or loss of the device. If attackers have unfettered access to the device, however, they may be able to download the data first and even disable remote wipe. This ties into Tip 9.
Tip 9: Lock mobile devices
In the battle of convenience vs. security, convenience often wins. When employees use a mobile device to access corporate data it's important to educate them about the importance of locking their devices. Locking the device is a delay mechanism if the device is lost or stolen. It buys you time to either remotely wipe the device when it is reported missing or do something more elaborate like find it via GPS. Many devices can also be set to wipe themselves after a set number of incorrect login attempts. Even if a device is setup for remote wipe, leaving it unlocked can sometimes allow thieves to disable those settings before you've had a chance to issue a wipe command.
Ultimately, protecting corporate and personal data requires that employees be on guard. Applying these tips will help avoid some of the biggest threats on the road.
Sign up for CIO Asia eNewsletters.