The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

Your Biggest Threat to BYOD Security Could Be Your Employees

Jan Carreon

Posted by Jan Carreon
Tue, Apr 21, 2015

When the cellular phone was first introduced, it served only one purpose — to make and receive phone calls. Over the years, we have watched the device evolve and incorporate more and more features. Its evolution changed the way we communicate with texting, video chatting, and email capabilities. It has replaced everyday items such as watches, calendars, the boom-box, CD/mp3 players, books, and cameras. It’s next victim? The wallet.

RELATED: What Does Apple Pay Mean for Security and Business in Washington, DC?

A cellular device is arguably a one-stop shop for almost everything, and a necessary tool for professionals today.

Mobile devices are a staple in today’s world, contributing to the rise of BYOD (Bring Your Own Device). By now, you are probably well aware of some of its advantages and disadvantages. One of the biggest concerns of BYOD is security, with the largest threat arguably being a company's employees. Here are the ways employees are unintentionally making sensitive work data more vulnerable to a breach.

RELATED: BYOD Brings New Security Challenges

Downloading Unsafe Mobile Applications

Earlier this year, Veracode, an application security company, discovered approximately 2,400 unsafe mobile applications on employee devices in an average large global enterprise. This was only a small sample of the 14,000 unsafe mobile applications that Veracode has recently discovered.

Of these applications:

85% of the 14,000 unsafe mobile applications that were recently discovered exposed sensitive data
85% exposed sensitive data, specifically SIM card information such as phone location, call history, phone contacts, SMS message logs, device IDs, and carrier information.

37% performed suspicious security actions, such as checking to see if the device is rooted or jailbroken, installing or uninstalling applications, recording phone calls, and running other programs.

35% retrieved or shared sensitive information, such as browser history and calendars – and often sent the data to suspicious overseas location.

These applications came from a mix of commercial applications from public app stores, and were typically downloaded by employees.

Mobile Malware & Risky Behaviors

As mobile malware becomes more prevalent, it is also a growing concern within the realm of BYOD security. Late last year, WireLurker attacked non-jailbroken Android and iOS devices. And just last month, Android discovered a flaw that made users vulnerable to an attack that could replace a legitimate app with malicious software, which would then collect sensitive data from a phone.

New mobile device technologies and the cloud have given users the ability to access corporate data from anywhere between the home and office. As technologies develop and emerge on the mobile platform, so do its threats, which is why it is so important for BYODers to take the extra step to ensure that their devices are as secure as can be. However, studies have shown that this is not necessarily the case.

RELATED: Cloud Based IT Security Offers Protection from Malware, Spyware and More

According to Lookout’s Mobile Privacy IQ study, a large percentage of smart phone owners claim to be privacy savvy. In spite of this, respondents admitted to engaging in behaviors that could put sensitive work data at risk, such as connecting to public/open wi-fi (76%) or downloading apps from unofficial marketplaces (33%). Survey results also revealed that nearly 60% of respondents cared the least about protecting the work data on their phones.

Considering the many instances of data breaches in recent years, these statistics are quite unsettling.There are so many benefits to BYOD, but is it worth the risk? If your company has met with a managed services provider (MSP) in order to put a secure BYOD policy in place, you are most definitely on the right track. However, you may also want to consider reaching out to your MSP for assistance in thoroughly educating your employees regarding the dangers of risky mobile behaviors.

RELATED: 7 Simple Steps for Smartphone Security

Another way to mitigate the consequences that come with employees engaging in risky behaviors under a BYOD policy is to make sure that the applications used to access company data are secure. To ensure this, an MSP can be your single point of contact for vendor management and help your business identify the best software and app developers to collaborate with. They can also provide you with the best MDM (Mobile Device Management) solution and a secure private cloud platform to ensure that your data is protected. 

Click here to read our White Paper: 5 Questions to Ask When Selecting a Cloud Services Provider

Jan Carreon

Ready to Become a Pro?

 Our White Paper can help.

whitepaper-4-key-elements-for-building-your-technology-road-map-thumbnail-3Subscribe to our blog and get your copy of "4 Key Elements to Consider When Building Your Technology Road Map"

You'll learn:

  • What role people play in determining your road map
  • How to build a plan in a multi-device world
  • What types of applications need to be considered
  • How data plays a key role in success

 

Subscribe to get your copy

Leave A Comment

About this blog

News, best practices and more to help you get the most out of your office technology. Whether you're an SMB owner who wears a lot of hats, or an enterprise IT director, facilities manager or just someone who wants to work smarter — this blog has the resources you need to maximize the business impact of all your tech investments. Be sure to subscribe to receive email updates about new posts!

Download our eBook

 
DM_Workbook_Cover_Page.jpg

Download

Sort Posts by Topic

see all