By Jon Ault
January 15, 2017
As someone who heavily depends on my smartphone for my job, I can barely remember my “pre-smartphone” life anymore! (Yes, some of us are old enough to have lived without smartphones!!) But that is a thing of the past, today, everyone uses apps on a regular basis to make day-to-day life easier. Need directions to a customer’s office? Pull it up in Google Maps. Need to check in for your flight or your hotel? We have an app for that! Need to find a place to go to dinner tonight? Search for local options on Yelp. The conveniences of mobile apps extend into our professional lives as well, with always available email, mobile business analytics tools, etc.
This year’s theme for National Cybersecurity Month is “Cybersecurity from the Break Room to the Board Room”). A continuously mobile workforce presents several unique cybersecurity risks requiring attention from across the organization, truly from the break room to the board room.
App Security Risks
While there have been significant improvements in recent years the apps users install on their smartphones still pose a significant risk to personal and business data. The Android system with the Play Store from Google, the Apple iOS system with the Apple Store, and Windows OS with the Microsoft Store have built-in methods to help users identify apps and the security each offers, regardless each still have their own associated risks. Some systems will allow you to authorize and approve the access and permissions for each app that is installed. The issue for users with that model is in order for most of the apps to work properly you must authorize all the permissions without the users being able to properly research the application and publisher for security concerns. More work needs to be done in this area of risk for normal users to achieve better control on the security of their devices and personal information.
Bring Your Own Device (BYOD)
One of the primary challenges of security in a mobile world is the blending of personal and professional data on a single device, owned by the employee. (e.g., BYOD) When employees are allowed to use their personal devices to access company information, proper use of Mobile Device Management (MDM) is particularly important. Effective BYOD programs leverage three key strategies to manage risk:
Implementing proper solutions for data encryption is a key strategy for management of mobile devices. Encryptions solutions are required for both data at rest on mobile devices (laptops, smartphones, tablets, etc.) One of the most common sources of HIPAA breaches continues to be stolen laptops which is a risk that can easily be managed with relatively simply mobile device data encryptions technologies.
The upsurge of mobile device usage has resulted in a significant increase in the use of these personal devices to do company business in public locations. One of the most effective cybersecurity risk management strategies includes training employees to be aware of their surroundings. Simple “shoulder surfing” frequently leads to significant breaches of sensitive company information.
Free public WiFi seems like a great idea, but can be a big risk for personal data theft. Most people believe that their information is secure as long as they type in their username and password. However; on a public WiFi or any network that is not known to be a trusted network then the user must take the security steps to protect himself.
Mobile technologies and apps have added a great deal of convenience to our daily lives; however, they have also added significantly to the cybersecurity risk at every organization. More than ever, it is critical that your whole organization develop an “app-titude” for cybersecurity!