Security risks associated with employee mobile devices


Image courtesy: Pixabay
Over time as technology becomes more heavily integrated in routine business processes, organizations have had to take a serious look at security concerns.


Data breaches are no small matter and, if any of the massive breaches in the last two years are any indicator, there are still many companies that have to kick it up a notch or two or three to protect themselves against potential vulnerabilities.

This creates challenges for IT personnel to stay on top of new security concerns coupled with is also often a limited budget. And now mobile is in the mix. 

Employees frequently rely on their devices to stay connected to work, and often employers have the expectation their employees are available. BYOD has been growing in workplaces (not to mention the impending growth of wearables), and this is only going to continue to grow, creating new infosec issues.

But because mobile is disjointed in terms of infrastructure, it is much harder to control and maintain a tightly secured environment due to the level of decentralization.  This can create a potentially serious data breach risk because of all the possibly sensitive information that may be streamed between the employee cell phone and employer applications or networks.

Malware

Unfortunately, malware has become a serious risk factor nowadays and as the popularity of mobile increases, increasingly the presence of malware in mobile devices will increase as well. The security industry predicts the need for mobile security to significantly increase over the next few years.

Another risk factor for a breach is that mobile adds a new channel for hackers and other cybercriminals to penetrate, especially since mobile relies on the use of wireless networks and/or Wi-Fi 'hot spots' which are often unsecured.

Unsecured networks

With mobile devices people may not necessarily be using secured networks when they transmit information, and if the work-related data is sensitive, this could result in a potential data breach if an exploiter were to intercept the exchange. Additionally, there are those thieves who create public networks with the intention of exploit.

Lost or stolen phones

Phones that contain sensitive or confidential data could be lost or stolen. Even if security measures have been taken to password protect or place other restrictions, this is no guarantee the information stored on the phone can't be accessed.

Convenience may lead to complacency

Wireless is a huge convenience. While the level of flexibility wireless provides is wonderful, it does come with some drawbacks. Due to the ease and convenience wireless provides, workers may tend to overlook the risks of using it. If convenience trumps, then this may lead to an increased level of complacency and poor security practices.

As mobile progresses and becomes more integrated, employees may be more inclined to place attention on routine factor and, not pay close attention to security. One of the ongoing issues in society is people tend to take technology for granted, usually paying attention to the positive results, and putting less emphasis on the negative effects.

Cisco has conducted a detailed study which breaks down several interesting statistics. Cisco states:
The research discovered that despite the security policies, procedures, and tools currently in place, employees around the world are engaging in risky behaviors that put corporate and personal data at risk.
In a 2011 survey conducted by Mformation® Technologies Inc, the findings highlighted 'backdoor' mobile devices are increasingly becoming a concern.
Todd DeLaughter, CEO of Mformation, stated: 
Attempts to improve the management of mobile devices such as smartphones and more recently laptops, netbooks and tablets as they connect over cellular networks are hampered by a number of challenges.
At that time, employee-owned gadgets were to blame for 76 percent of "security headaches" per the survey. Even more disconcerting is a slightly higher percentage of employees have no idea where their mobile devices connect to and what kind of data they are capable of storing. Fast-forward to 2015 and mobile is still considered to be a top risk for business security.

Reducing risk

Due to all of these factors, employee-owned mobile devices used in the workplace can create a very serious risk of data breach. One of the best ways employers can reduce this risk is to invest in educating both themselves and their staff members of the possible risks and consequences that can come with data management using mobile. Additionally, changing routine organizational behaviors to be more security-conscious can make a big difference as well.

Security is no longer something to take lightly. Mobile has to be an important piece of the puzzle and everyone in an organization needs to be on board.

Comments

Popular posts from this blog

5 warning signs of groupthink in the workplace