- Posted by Fayez Moussa
- On 30/06/2021
Field-optimised devices like rugged laptops, smartphones, and tablets bring a host of benefits to Australian businesses. They allow field workers to capture data on site, keep track of appointments in real time, and manage invoicing on the go. However, they also come with certain risks. Outside the powerful defenses of the corporate network, field worker devices can be susceptible to malware, phishing, and other cyberthreats. If even a single device gets compromised, your company can face thousands of dollars in data loss, legal trouble, and reputational damage.
Bolstering device security is therefore crucial to your company’s survival. Here’s what you need to do to ensure your field workers’ devices are out of harm’s way.
1. Determine which devices and apps are permitted
If your company issues devices to field workers, you must clarify which applications can be installed. For field workers, this means the essentials, like job management systems, communication tools, navigation apps, and accounting software. Any unsanctioned applications that have no direct correlation to field worker responsibilities should be banned as they may leave your business vulnerable to attacks.
Alternatively, if you’re implementing a bring your own device policy, you’ll need to specify the types of devices allowed down to their model, age, and operating system. This minimises the chances of field workers using unsupported or outdated devices.
2. Install mobile device management (MDM) software
MDM software, such as Microsoft Intune, is a security solution that helps you manage your fleet of field worker devices from a single console. This is deployed by installing a software agent on users’ devices, so they can directly communicate with a central MDM server that resides in a data centre. Through the centralised MDM server, you can implement a wide array of cybersecurity measures and transmit them to company-registered devices. For example, you can distribute security software and updates over the air to ensure all field worker devices have the latest defenses.
Microsoft Intune also comes with other features, including:
- Hardware inventory – logs all device components, operating systems, and current software updates of all field worker devices currently in use
- Application whitelisting – determines which applications are trusted by the company
- Password rules – requires field workers to develop good password hygiene (e.g., setting long and unique passwords)
- Geo-tracking – triangulates a device’s current location in case it’s lost, stolen, or being misused
- Remote remediation – enables system administrators to diagnose device issues and troubleshoot these remotely
- Remote wipe – deletes data from devices from a central console
3. Enforce zero trust security
Zero trust is a concept that’s centred on the belief that devices and users should not be trusted and granted access to company systems by default. Field workers must be authenticated and should be allowed access to only the data, applications, and resources necessary to perform their job.
Multifactor authentication (MFA) makes up one part of this equation. MFA requires field workers to provide more than one set of login credentials to access their accounts, devices, and applications. Login credentials include:
- Knowledge factors like passwords
- Possession factors like one-time activation codes generated on mobile authenticator apps
- Biometric factors like facial recognition or a fingerprint scan
In addition to MFA, setting access restrictions through your MDM software will allow you to establish a zero trust framework. Microsoft Intune, in particular, can restrict access to company systems based on employee authorisation levels and the model and location of devices. It can even temporarily deny access to vulnerable devices, such as those with unpatched software or contain potentially malicious, until the identified risks are addressed.. With these restrictions, you can prevent unauthorised access to your company network regardless of whether they’re a careless field worker or a dangerous cybercriminal.
4. Have a plan for decommissioning devices
When field workers leave the company or if they lose their devices, you must have an exit strategy to keep data intact. This typically entails removing user accounts, reconfiguring access permissions, and factory resetting field worker devices. If you’re wiping data from personal devices, alert your field workers and make sure they back up their data in case something goes wrong.
5. Train your field workers
While implementing technical security measures protects field worker devices, poor security habits can completely undermine your efforts. Field workers may leave their unlocked devices unattended in public places, which increases the risk of device loss or theft. Some of them may connect to public Wi-Fi networks that could be teeming with cybercriminals. Others may even fall victim to phishing scams designed to steal data and spread malicious programs on user devices.
The best way to avoid these risks is through comprehensive security training. Every field worker must be taught to keep a close eye on their devices, avoid unsecured public networks, and be critical of every email they receive and website they visit. Field workers must also understand the importance of setting strong and unique passwords as well as watching what they share online. For these lessons to sink in, you need to conduct training sessions every month or at least on a quarterly basis. Training sessions should incorporate a combination of lectures, practical exercises, and threat simulations to help your field workers truly comprehend the risk they inadvertently create.
Device security can be a daunting process for any business to tackle, but it’s one that you’ll have to contend with when you’re managing field workers. For more advice on how you can make your field service business run effectively, call WorkBuddy now. We provide Australia’s leading job management platform that streamlines everything from scheduling to compliance to invoicing.