The BYOD era brings more risk of a security breach on unmonitored mobile devices
In the past, businesses saw the punishment fit the crime when faced with a security breach. The potential consequences for non-compliance were perceived as preferable, which resulted in few or no policies being put in place to prevent a security breach of the company from an outside source. In fact, HIPAA reporting rules state minuscule breaches affecting 500 records are only required to be reported at the end of the year to the OCR, and the company doesn’t even have to notify affected customers. Because a security breach threat does not demand immediate action, companies fail to respond proactively. According to lawyer Brian Balow, “until there’s an issue, many just cross their fingers and think, ‘When I get to it, I get to it,’” when in reality the smallest security breach can have big effects on a company, its employees and its customers.
It has now become essential for businesses to enforce data security, especially those that have incorporated bring your own device (BYOD) programs, and cost-effective technologies make this more feasible.
The BYOD era comes with many pros and cons. BYOD programs give employees the comfort and convenience of conducting business through their personal devices as opposed to devices disbursed by IT departments. Because the device is their own, employees have their eyes on it constantly, even after business hours, resulting in increased productivity. Not to mention the savings on the significant hardware, software and IT support costs that come with devices provided by the company.
However, the freedom of BYOD comes at a price. Because personal and sensitive company data are both stored on an employee’s phone, the risk of a security breach becomes a more pressing issue for companies. IT departments must keep a close eye on employee devices in BYOD programs to ensure they are secure and not at risk of third-party access. Since mobile devices are not limited to the workplace, they are more at risk of being lost or stolen, resulting in a data leak. BYOD programs need to be on the company’s terms. Some organizations are finding it too risky NOT to implement a BYOD program, for fear of unmonitored employee devices.
According to CNBC, in a survey of 258 executives, 85% expressed concern about cyber-attacks on their organizations. News reports of companies affected by network security breaches are the norm rather than the exception. In 2011, the Federal Communications Commission discovered an IT security breach and quickly acted with an Enhanced Secured Network, which set out to identify and remove infected workstations and also build a heightened emergency response plan.
Just this month, the Federal Reserve server was hacked by an anonymous group who stole employees’ personal and account information. The server was overtaken after a temporary vulnerability, which was quickly fixed. While the Federal Reserve security breach appears to be minor, any leak of information from a government entity is significant.
Any organization is at risk for a security breach from an external source. Strong policies and internal programs are just the first lines of defense companies should put in place to prevent a security breach that compromises sensitive data.
As business progressively turns mobile, daily precautions need to be taken to avoid a security breach in BYOD programs:
Data encryption: Relatively cheap and simple to implement, data encryption makes data hard for unauthorized persons to read. Encrypting data on portable memory devices is a highly effective way to prevent a security breach.
Management systems: Especially important in a company that has implemented a BYOD program, management systems within the organization set up rules and policies for employees. The systems can be used to block employee use of non-encrypted devices on the company network. Approved devices allow for secure data transfer of sensitive information, preventing a security breach. Also, strong passwords and updated anti-virus software on all employee computers reduce the chance of a security breach.
Technology: Technology requires educating staff on certain vital functions. When used correctly and efficiently, technology such as anti-virus software, firewalls and WPA2-supported wireless routers allows staff to do their jobs more safely.
Control of corporate data: Monitoring applications and corporate information on mobile devices in a BYOD program is becoming easier with new technology. For example, the BlackBerry 10 incorporates an operating system made specifically for BYOD. IT departments are able to control how corporate data is used in certain applications and can separate personal from company information in the event the device is stolen.
Companies taking advantage of the emerging BYOD era should tread lightly. The risks of BYOD provide opportunities for a security breach within the company. Proper precautions should be taken in order to prevent even the smallest security breach.