Healthy.io uses a combination of endpoint management to deploy updates and patches to operating systems and key applications across its endpoint fleet. It also implements multiple endpoint protection solutions to protect against threats such as malware.
As part of its Zero Trust approach, Healthy.io staff who wish to access most of its services via their personal mobile devices need to enroll in its Mobile Device Management (MDM) Program. Enrolling in the MDM program lets the company make sure all mobile devices connecting to its network meet its minimum security requirements, covering encryption, device locking, anti-malware software, and OS versions.
Any device identified as being not compliant will result in that staff member receiving an email notifying them of the non-compliance. Healthy.io gives staff a 24-hour grace period to remediate non-compliance before removing/locking their access from that device. Healthy.io installs anti-virus and anti-spyware. When operating and updating all end-user devices, it conducts periodic scans of the systems to identify and remove unauthorized software.
The company bases its protection against malicious code on malicious code detection and repair software, security awareness, and appropriate system access and change management controls. It maintains audit logs of the scans and performs scans for malicious software upon boot and every twelve hours. When the company identifies malicious code, it blocks, quarantines, and sends alerts to the administrators. The company centrally manages anti-malware, and users cannot disable it. It implements the centrally managed, up-to-date anti-spam and anti-malware protection at information system entry/exit points for the network and on all connected devices. It separates user functionality (including user interface services) from information system management functionality.
Healthy.io takes specific actions to protect against mobile code performing unauthorized actions. Healthy.io defines the rules for software migration from development to operational status. It documents hosting the affected application(s); this includes development, test, and operating systems, which must be separated (physically or virtually) to reduce the risks of unauthorized access or changes to the operating system. It also disables file sharing on wireless-enabled devices.