There are many reasons why businesses adopt cloud and web-based solutions and supporting mobile workers is primary among them. For traveling salespeople or workers in remote offices to have access to business applications and data, many organizations use web-based services and cloud solutions to centralize systems and make enterprise-wide access to applications and data easier to deliver.
What many businesses are now realizing is that allowing individuals to use their own mobile devices to access corporate data exposes the enterprise to new and often unknown risk with every device and app that gets used.
Most businesses recognize the need to secure corporate systems while allowing users to remotely access resources from home or mobile computers. Yet many CIOs and IT managers fail to address the vulnerabilities introduced through the proliferation of tablets and smartphones in the business.
Some enterprises initially embraced the concept of bringing your own device (BYOD) as it tended to encourage users to work from home or while on the road. This increased employee productivity and kept workers more attached to their jobs without the business having to pay for the device.
With growing numbers of reported rogue apps and apps that secretly collect and pass data, the potential benefit of allowing workers to use their own devices is rapidly being overshadowed by the risks involved.
“Apple, Facebook, Yelp and several other firms were sued for privacy-infringing apps that, among other things, pillaged users’ address books. …but what if the app uploads a sales representatives’ contact list and the developer then sells it to a competitor? That’s a new type of data leakage that most organizations aren’t ready for.” *
Smartphones have emerged as a primary platform for information theft and damage, offering bad actors new opportunities for system surveillance and intrusion, data theft, application hacking and more.
Phones are very smart. The phones most people use are computers with a great deal of processing and storage capacity, and as such are just as capable of running bad programs and being vulnerable to attack as their more obvious portable computer counterparts. Perhaps they are even more vulnerable because of the connected nature of the device. By its very nature, the smartphone is geared towards transmission and communication of information, not just processing it.
Hackers and developers of exploits (and just bad code) are focused on stealing business and personal financial data. Employee phones are useful devices that help bad actors get inside far enough to deliver access to confidential corporate information and data someone would pay for.
People tend to be the weakest element in the security chain, and exploiting vulnerabilities under the guise of making things easier for the user has been a highly successful approach. The simplicity of using mobile devices is also what encourages complacency with users not considering what access the mobile app might have to corporate data stored in the cloud.
Attacks that target employees may end up targeting the employer as well, even if the employer wasn’t the original target.
Whether it is intentional or not, the risk is present, and every business should recognize the vulnerabilities introduced with mobile device use and to do what it can to mitigate that risk.
The information held by most businesses also includes the information of others including employees, customers, vendors and partners. It is essential that businesses do not expose themselves or others to unnecessary litigation, fines or penalties, or lost opportunity caused by accidental leakage of confidential information.
For some companies, the best answer may be to only allow use of devices the business provides, along with clearly written use policies and guidelines. This approach allows the organization to determine which applications may be installed and to dictate how the device is to be used for business needs.
Most businesses, however, allow users to access business resources with their personal devices, with cost being a primary reason. In these cases, it is important to make certain that users understand what is and is not appropriate device use, and to inform users on the policies relating to apps which may or may not be allowed and why.
Mendelson Consulting’s Noobeh cloud services team understands how important information security and protection is. Providing AI-powered email and device protection from Microsoft, cloud-hosted application services and managed IT solutions to protect applications and data, and offering remote monitoring and management of user devices, Mendelson Consulting and Noobeh have the IT services and solutions to help make your business and data safer.
