Heather
Gray

How UEM help companies meet regulatory compliance requirements

Heather Gray

Aug 26, 2021

18 min read

Last year, around May of 2020, State Regulators and the SEC came out with a new guidance for financial security firms as well as investment firms. This new guidance aimed at getting companies from these specific industries back on track to meet regulatory compliance requirements for cybersecurity.

On June 15th 2021, the SEC released a salvo with its press statement aimed at all public companies. They announced civil monetary penalties against companies lacking robust cyber security management systems.

Within this statement, they also announced that they had issued a cease-and-desist order against First American Financial Corporation (FAFC) for deficient disclosure of controls and procedures related to cybersecurity risks.

It is quite clear that the SEC is now done with warning shots and grace periods. However, they are steadfast in their resolution to ensure that all companies maintain robust cyber security controls and risk management systems.

The threat of cyber security is ever growing and cyber-attacks, constantly evolving. Organizations around the world, no matter their industry, would be subjected to regulatory scrutiny regarding cyber security management efforts and controls.

So, in order to avoid hefty monetary penalties and other reprimands, organizations should find ways to get compliant with regulatory standards and maintain a sound cyber security management system.

How can UEM help?

When it comes to compliance, an organization that has its operations worldwide has to be compliant with numerous regulatory guidelines. These include HIPAA, GDPR, SOC2, PCI DSS, etc.

Staying compliant with these regulations and maintaining a sound cyber security system would have been much easier if the endpoints were uniform and static. But we all know that is not always possible.

From desktops to mobile devices to IoT, the device ecosystem is vast and heterogeneous. And the pandemic has made sure that these devices cannot always be within the confines of the organization. Here’s how a UEM solution like Hexnode can help you get out of this sticky situation.

Meeting regulatory compliance requirements with UEM

Ensure data security and privacy

Secure data present within the devices
Secure data present within the devices

Encryption

Data encryption is one of the ground rules that most regulatory bodies firmly insist on. GDPR demands that all information stored and processed by the company be encrypted, HIPAA requires the same with Electronically stored patient health information or e-PHI.

Now you might be wondering where UEM comes into all of this? Imagine all the endpoints your firm uses to get work done. You might even have dedicated teams to handle confidential information on a daily basis. No matter how careful your staff may be, making mistakes is something that we are all prone to.

A little mishap from your employees can destroy all the hard-wrought efforts your organization has put in to improve its security infrastructure. The simple solution to this problem? Have a UEM solution that can help in pushing secure policies and restrictions onto the managed endpoints.

In this way, you can ensure that the devices within your control always stays compliant with the policies that your organization has set to continually maintain its security.

A UEM solution like Hexnode can remotely push encryption policies to the devices. Depending on which operating system you use, you can make sure that the data stored within these devices stay encrypted by enabling full disk encryption programs like FileVault and BitLocker.


Benefits of encrypting your data:
  • Helps to meet regulations
  • Secure information accessed and processed by remote employees
  • Keeps backups safe
  • Prevents unauthorized access to data

Disable file sharing

Some of us are definitely guilty of sharing important files via Bluetooth and other reliable but insecure third-party applications to make things easier.

It’s great for sharing harmless files but is it really a secure way for sharing sensitive corporate information? Most pondering over this question would answer it with a big resounding no. Why? Because this can put the data at risk. Hackers can easily find ways to intercept the data and access it.

By disabling Bluetooth, USB file transfers and implementing similar other restrictions, your firm can stop employees from needlessly sharing sensitive information through insecure channels.

Containerization

BYOD is not a new concept. People have been bringing their own personal devices to work for quite a while now. This convenience, however always left organizations with a nagging fear that by allowing access to corporate data via these personal devices, they were inevitably risking the security of company data.

Unfortunately, they were right in thinking so too, as most data breaches that occurred within the past few years can be attributed to lax security measures.

Work profile in Android Enterprise and Business Container within iOS devices helped take care of that problem by creating a separate work containers on the devices. Containerization neatly segregates personal and work data by creating a separate space within the device in which corporate apps and data can be stored.

Restrictions such as controlling the flow of data between personal and corporate apps and implementing copy/paste restrictions can be set within the container to make sure users do not share sensitive information present inside it.

UEM helps prevent users from opening confidential documents from unmanaged sources. Additional layers of security can be added by limiting access to data only through corporate-approved WIFI and VPN. This would come especially handy in cases when employees are working from home or remotely from client locations.

Deploy strong passwords

Locking down devices with strong passwords
Locking down devices with strong passwords
 

Talk about implementing password policies within the office, you can already hear employees groaning over how difficult it would be to create and update the passwords on a regular basis! It can seem to be a bit of a hassle in the beginning but trust us when we say complex passwords can be a lifesaver, well, at least in most situations.

Sometimes your employees would be a tad bit forgetful to update their passwords regularly or just be lazy enough to create overly simplistic ones just for the sake of creating one.

You can take care of that by making sure that strong password policies are remotely pushed onto the managed devices. Admins can deter employees from creating simple passwords by setting up the complexity requirements and dissuade them from frequently reusing old passwords by defining the password history.


Strong passwords come a long way in meeting regulatory compliance requirements

What makes up a good password?

  • Use of uppercase and lowercase letters
  • Use of numbers
  • Use of special characters
  • Use of random letters

Passwords can be set on the device as well as on work profiles in the case of BYOD. It wouldn’t hurt to add multi factor authentication when employees log in to company resources as well. This will give hackers a hard time in trying to weave their way into your resources.

A password manager can be an apt place to store all passwords. It not only prevents employees from writing down their passwords but also stops them from saving their passwords in the browser.


Benefits of deploying strong passwords:
  • Secures data from hackers
  • Minimize the risk of a dictionary attack, which is widely used by hackers to force their way into a user’s account
  • Secure data on lost devices

Devices can get lost at times. No matter how unpleasant it may be, this is just something that businesses will have to prepare to come to terms with.

By remotely locking the device and wiping sensitive data present inside of it you can avoid the panic that normally occurs when a device harboring critical information gets misplaced.

Another advantage of relying on a UEM solution is the enablement of managed lost mode on the devices. Lost mode is a security feature that remotely locks down the device and wipes its data. A custom message can be displayed on the screen where the user can make critical information known to the finder such as the contact number and name of the device owner.

You can even monitor the location of the devices by scanning it at regular intervals and making sure that the device is always with its rightful owner or at least within the confines set by your organization.

Ensure security on managed devices

Deploy OS updates

It’s never a good idea to have your devices running on an older version of the operating system. By updating the OS, you can ensure that it doesn’t fall prey to any known security vulnerabilities. There is a wide range of benefits of remotely pushing OS updates, some of which include:


  • Adding new features to the devices
  • Patching existing security flaws
  • Protecting data
  • Improving productivity of employees
  • Avoiding risks that come with unsupported software

Detect the presence of compromised devices

The use of rooted Android devices and jailbroken iOS devices is a major risk. Storing information within those compromised devices can be a huge liability for your business. UEM can help detect the presence of these devices and implement certain security measures to make sure that it does not affect the security infrastructure of your organization.

Monitor devices remotely

Secure devices when employees are working remotely
Secure devices when employees are working remotely
 

Remote work is being widely embraced the world over. With employees preferring to work within places of their own choosing, many organizations have now begun to realize the importance of supporting remote work and make it feasible for employees to work from any place they wish.

Remotely managing the devices can make this a more viable option for organizations that aren’t very sure about safeguarding company resources when employees work off-site.

Easier troubleshooting

Technical glitches can happen. They can be extra troublesome for employees working remotely. By not resolving these issues quickly enough, you can end up affecting the productivity of your employees.

This can be dire, especially if you are employing a team of critical frontline workers. By remotely viewing and controlling the managed devices, your IT team can instantly resolve any issues end users might be facing at the moment.

Maintain internet and network security

It’s always a good idea to have employees stay connected to a network that has been corporate-approved. Measures like web content filtering can stop them from accessing sites that could compromise sensitive corporate data.

Some sites may look harmless on the outside but they can be damaging in terms of how easily they would be able in tricking your employees into sharing sensitive information.

Here are some of the reasons why organizations need to start implementing web content filtering:


  • Improve network security
  • Monitor data hogging websites and block access to it
  • Minimize the risk of company liability

Firewalls come a long way in protecting your company resources. It acts as the first line of defense by monitoring both incoming and outgoing network traffic. In addition to this, admins can also configure the WIFI and VPN settings to boost network security.

Maintain application security

Businesses with complex workflows can find it tricky to manage the applications that they have in place. Ensuring that the confidential information present inside does not leak out can be doubly challenging. With a UEM solution, enterprises can ensure that the applications are appropriately managed and deployed in a way that only the right recipients use it.

Some of the other management features include configuring applications, providing necessary app permissions to avoid the hassle of granting unnecessary permissions. Businesses can even boost up the productivity of their workforce by blacklisting applications that appear insecure or decrease employee productivity.

The devices can be locked down in a kiosk mode to make sure that they only function with applications that have been whitelisted. You can even ensure employees have access to the right applications anytime they need it by creating an enterprise app catalog with all the essential enterprise applications.

Other features include remotely distributing applications, upgrading and downgrading applications, making apps as mandatory and monitoring per app data usage.

Manage access

One of the best ways to stop the encroachment of cyber threats is to implement a proper access control management system. Always ensure that before you onboard any users, you create a unique username and password for them.

By keeping logs of all the user IDs, you can stay organized and easily revoke access for employees who have either been terminated or have changed their roles.

You can also continually review the compliance of the devices by revoking access for non-compliant devices. Hexnode’s integration with Azure AD and Active Directory simplifies the process of access management.

Geofencing helps you to remove access to sensitive data once the user crosses the defined boundary. This will stop users from accessing company resources from networks not approved by your organization.

Some common security practices businesses can implement to meet regulatory compliance requirements

Safeguard the security of passwords

One of the best way to ensure compliance with all the regulatory standards is to maintain an atmosphere that encourages employees to follow strong password habits.  You can eliminate the problem of shared access to IDs by assigning all users within your company a unique username and password.

Just make sure that your system admin keeps logs of these as it can save your HR and IT team a tremendous amount of work during the onboarding and termination process.

You wouldn’t want employees to save their passwords in browsers. This is just the same as handing out secure passwords to hackers in a silver platter. No matter how complex a password you set, if your employees save them in a browser, the security of those passwords would be as good as gone.

Make sure that your employees store their usernames and passwords in a password manager.

Before giving out new or temporary passwords, always make sure that you verify the identity of the user. This saves you the trouble of giving away sensitive information to the wrong user. This can include a quick check with the manager of the employee for whom the access needs to be granted.

Whenever employees are given new systems or software, ensure that the default passwords present within these are changed immediately. As default passwords are usually easy to guess and hence crackable with just a few attempts.

Follow a clear screen and clear desk policy

Encourage employees to clear their screens when leaving for the day
Encourage employees to clear their screens when leaving for the day
 

Sometimes security begins at the simplest level. You may find rogue documents or files scattered about in workstations or employees may simply choose to leave their screens on while going on breaks. Though this may seem like a simple lapse from the part of your employees, the consequences could be disastrous as this can make the resources easily accessible to unauthorized parties.

You could either make it mandatory for employees to clear their screens and desks while going on breaks or remotely auto lock the system when it is not used for an extended period of time.

Your firm could also ensure employees don’t share sensitive information or have access to it themselves by prohibiting the downloading of unauthorized software. System admins need to make sure that the systems are not lent to others without prior permission.

Keep error logs

No matter how stringent your organization’s security requirements may be, mistakes are bound to happen. The best way to minimize the occurrence of those mistakes is to keep track of them. This is where error logs can come in handy.

Logs help you to keep track of errors and use them as future references. Data collected from these logs can be used as real-life examples during training sessions and give upper management a brief on the improvements you have made as a team in bettering the security posture of your company.

Minimize the usage of removable media

It’s always best to minimize the use of removable media and use it unless it is absolutely necessary. Although UEM helps in ensuring that removable media can be used within the confines set by your company, they are still not secure enough to be used within confidential areas and hence it would be wise to just restrict their usage.

Retain documentation for everything

Record management is important. Keep a detailed list of all records and documents you have in place. This will save unnecessary clutter and help regulatory bodies understand that your organization is keeping up with necessary compliances with the proper amount of documentation.

Implement access control and basic network security measures

It would be a good idea to ensure that all employees within your organization are aware of the access control policy. The best way to do that would be to document it and make it available within an internal portal where employees can have access to it. You could even have a separate compliance team to clarify any doubts employees may have regarding the policy.

Having such a team would come in handy in showing interested third parties and stakeholders that your organization maintains proper information security by implementing appropriate controls and procedures.

Continually review the access rights of your employees especially privileged access rights. Whenever you assign user access it should always be done in alignment with the business requirements of your organization.

Implement segregation of duties whenever possible to ensure sensitive information is not needlessly shared more than it’s required. Constantly monitor your company networks to make sure that no unauthorized devices are connected to it.

Unrestricted usage of the internet can be a problem. In addition to decreasing the overall productivity of your employees, there may be sites that can easily bait users into sharing their personal information.

Deploy secure measures like web content filtering to restrict employee access to these sites. Your company email can harbor different kinds of information such as employee and client confidential information. You can implement email protection by scanning all the incoming and outgoing emails.

Encrypt and backup your data

The first step in ensuring data security is to encrypt it. Make sure that you encrypt all authentication information; these would include your passwords and other login details.

One of the ways to ensure that your employees have access to the information they need is to make them understand the kind of information they can have access to. You can do that by properly categorizing and classifying the information you have in hand. You can document these classifications and make them available to employees.

Next, your IT team can implement various technical controls such as endpoint verification and firewall to ensure the safe processing and transfer of information.

Backups are essential. It’s always a good idea to backup all your data. This would be especially helpful during the occurrence of any unforeseeable natural or man-made disasters.

All good business continuity plans mandate the need for data backup. Once you have backed up all your data, it’s time to consider doing a recovery test to measure how quickly and efficiently your business operations can resume after recovering from a disaster.

Dispose old data

Neat disposition of data is just as important as retaining it. Therefore, every organization must have an adequate amount of security measures in place to ensure that all information, whether confidential or not, are deleted in a secure manner. This includes wiping the data from old assets that are no longer in use.

Implement controls to keep malware in check

Implement security control to safeguard systems against malware attacks
Implement security control to safeguard systems against malware attacks
 

You should always be on the lookout for malware. They are known to have compromised the security of many well-known businesses in the past. Some of the ways in which you can control malware include:


  • Deploying OS updates
  • Encrypting all data
  • Keeping an inventory of all the assets and performing compliance checks on them
  • Refrain employees from posting confidential information online
  • Avoid downloading files from untrusted sources
  • Conduct awareness training sessions at least once a year

To sum up

Cybercriminals will continue to target businesses from various industries. The best way to ensure that your organization does not fall victim to these cybercrimes is to make your security infrastructure as strong as you can. Constantly be on the lookout for the latest security measures and implement them within your company policies.

Routinely scan your web applications and servers and implement proper network segmentation to make sure only the right users are connected to it.

In addition to maintaining security against a wide range of cyberthreats, a UEM solution can make it easier for organizations to be in compliance with the regulatory requirements by ensuring that all employees have strong password policies enabled on the devices, are connected only to a corporate approved network and don’t make any untoward changes to the settings of the managed devices.

Share
  •  
  •  
  •  
  •  
  •  

Heather Gray

Technical Blogger @ Hexnode. Reading and writing helps me to stay sane.

Share your thoughts