Well, as we approach the 4th of July week here, on Wednesday, it looks like everybody will be taking the week off. I wish I could!! As I mentioned in Friday’s blog, many people will be using their respective Social Media tools to communicate with family and friends. But what is the one tool that we will be using to access all of this?
Our Smartphone, of course. Whether it is an Android, an iPhone, Windows Mobile, etc., this will be the prime tool for communications. But even for those of us who still have to work, especially remote employees, the Smartphone will still be the prime choice for conducting everyday office and work-related matters.
To this end, many small businesses and even larger corporations are allowing employees to use their own personal Smartphone to do their job tasks. Yes, there are some advantages to this, such as no expenses involved in procuring and deploying company-owned wireless devices; and since people know the ins and outs of their own Smartphone, it also makes sense from the standpoint of convenience.
But then again, here is the tradeoff: They are also a huge Security risk. For instance, when an employee uses their own Smartphone, there is the real risk that the phone is not updated with the latest firmware, software upgrades/patches, etc. So, this makes it a prime target for the Cyber attacker:
They can easily access confidential files and data from a phone that has virtually no level of Security attached to it. Even a business entity would have a hard time enforcing its Security Policies on a personal Smartphone, because after all, it is not their property. All upper management can do in these cases is encourage employees to upgrade their Smartphones to the latest Security patches, or to not use their personal wireless device at all.
So as one can see, there is a steep tradeoff here: Convenience & Expense reduction versus Security. This is a hot topic in the world of Cybersecurity today, and the debate still rages on as to the pros and cons of letting employees use their own Smartphones to do their work-related matters. In fact, this whole topic has earned its own title: “Bring Your Own Device”, or “BYOD” for short.
In this blog, we look at the risks of BYOD, and in a future blog, we will address how those risks can be mitigated. Here we go!!!
- The risks of corporate information being released:
When an employee uses their own Smartphone to do their job tasks, there is a much greater chance that your trade secrets, intellectual property, or any other sensitive data could be released unknowingly, or even intercepted covertly by a third party. The primary reason for this is that employees very often do not keep their Smartphones up to date with the latest software patches and upgrades. Also, unencrypted network connections are used, such as public Wi-Fi hotspots. As a result, a Cyber attacker can very easily tap into these unsecure channels, and steal your information and data.
- Less control over personal wireless devices:
When a company issues its own Smartphones to its employees, there is some degree of assurance that the appropriate Security mechanisms will be implemented on them. This includes encryption, making sure that the devices are up to speed with the latest upgrades and patches, and that Two Factor Authentication (also known as “2FA”) is installed. But when an employee uses their own Smartphone or other wireless device to conduct their everyday job tasks, the business owner loses control over installing these protective mechanisms. After all, you cannot make an employee install them on their own device if they do not want to. Because of this, 97% of BYOD devices have privacy issues, and 75% of them have inadequate data protection. (SOURCE: www.trilogytechnologies.com). Also, with a company-issued Smartphone, if an employee loses it, you can quickly and easily issue a “Remote Wipe” command. This will instantaneously delete all of the corporate information/data that resides on it. However, this command cannot be used with a Smartphone that belongs personally to the employee.
- The mixing of personal and corporate data:
When an employee uses their own Smartphone, the risk of their personal stuff being mixed in with corporate information and data becomes much greater. With this, there are increased chances that proprietary communications could be mistakenly sent to the wrong party. Also, there is a higher probability that malware or spyware could be covertly deployed onto the BYOD device, thus exposing not only proprietary corporate material, but your entire network as well. Keylogging software could also be installed by a Cyber attacker, and as a result, they can also gain access to the usernames and passwords of your other employees.
So here you have them. Obviously, this is not an all-inclusive list, but these are the major ones. As a business owner or a C-Level Exec, it is up to you how you want to proceed on this. There is a tradeoff, as described earlier. Perhaps one of the best ways to approach this is to conduct a Benefit and Cost Analysis, not so much from the financial standpoint, but rather, from that of Security. Actually, this is really called a “Business Impact Analysis”, in which the analysis is carried out in much the same way.