By Deepa Bhat, CPA, Audit Principal
ASL Construction Group
These days, a lot of our business gets done on mobile devices, whether we are checking e-mail, tracking appointments or even reviewing plans and paperwork. Smartphones and tablets have given us the ability to accomplish as much in the field as we would at our desk. This is especially true if you are working in the construction industry as you are likely always on the go and moving from site to site.
Being able to manage your people and projects from the field may be convenient, but it also introduces new security concerns. Malware and viruses designed to steal information and, in some cases, your money are becoming more prevalent on mobile devices. Distractions at the job site can also cause you to let your guard down, leaving you vulnerable to scams and other attacks.
Knowing that you are at risk is an important first step in addressing these threats. Here are some additional questions to consider when assessing your technology environment:
• What kinds of access controls are in place? Does your company’s network require a complex password before allowing someone to connect to it from the field?
• Is your company’s network accessible with a single password? If so, consider using multi-factor authentication such as a validation code sent to another device via email or text, fingerprint, or key fob, in addition to the user password. This protects your company’s information even if an attacker obtains your password.
• Do you utilize a password vault such as iPhone Keychain? Password managers make it easier for you to get your work done, but are also a high-value target for hackers. Be sure yours is protected with a good password and, if possible, biometric measures such as an iris scan or fingerprint.
• Are you utilizing a secure, private Wi-Fi network in the field? Free and public Wi-Fi networks found at cafes and other public venues are often unencrypted, meaning your activity can be easily observed by others. Consider using a VPN (virtual private network) to connect to your office. This ensures your activity is encrypted regardless of your connection.
• This one is obvious: are you conducting your private business in a private area? At a busy site, it may be easy to enter a PIN code or e-mail password on your phone without realizing a stranger nearby is watching. Add the potential of a forgotten (or stolen) phone, and you have a recipe for intrusion into your company’s network. Again, multi-factor authentication goes a long way to addressing this risk.