B.Y.O.D. – Employees’ Mobile Devices Pose a Serious Risk
This week, the New York Times ran a story about a new cyber threat that every organization responsible for protecting sensitive information needs to take seriously. As more and more companies allow employees to B.Y.O.D. (Bring Your Own Device), they are creating vulnerabilities that could result in a major data security issue.
According to a 2012 Decisive Analytics survey of 400 corporate IT professionals, about 50 percent of companies that allow employees to connect personal devices to the corporate network have experienced some form of data security issue. In some cases, employee negligence is to blame. In others, it’s the fact that networks designed for personal use don’t feature the same firewalls and protections as those designed for business. Sometimes – as was the case when a volunteer at a Florida hospital used a smartphone to snap thousands of pictures of patient medical records, and then sold them – it’s criminal malfeasance at the heart of the matter.
But whatever the cause, the legal and reputational impacts of a major data breach are simply too damaging for companies to consider taking part in the B.Y.O.D. trend without first assessing the risks and then taking steps to mitigate them. What sensitive data could leak if there’s an issue? Which devices can be allowed to connect to the network? What security measures must those devices employ? What policies are in place to ensure that employees access the network properly? What is the company doing to ensure that everyone knows the rules of the road?
These and other questions need to be carefully weighed before privately owned iPhones, Androids, Blackberries, tablets, and laptops can be confidently allowed to pass the velvet rope, according to Kurt Stammberger, CISSP and VP of Market Development at Mocana – a company that focuses on security for apps and the Internet of Things.
“BYOD has the potential to unlock the extended enterprise, but businesses need to be sure to put in place systems that can simplify wide-scale deployments by securing enterprise mobile apps automatically and transparently,” he says. “Companies should investigate technologies like app-wrapping that can mitigate the complexities of mobile management, while freeing developers from risky security coding.”
That take is right on the money – because if companies aren’t doing everything they can to secure their networks, you can bet that stakeholders are going to want to know why when a front-page breach wreaks havoc on a company’s security brand.
Jason Maloni is a Senior Vice President at LEVICK and Chair of the firm’s Data Security Practice. He is also a contributing author to LEVICK Daily.