If the last blog post didn’t resonate with you, this post about mobile security is sure to do so! All smart phone users or businesses permitting BYOD (bring-your-own device) should pay attention.
According to an IBM study, 99% of the enterprise workforce currently uses mobile devices to perform their jobs; this includes smartphones, tablets and laptops. NINETY-NINE PERCENT! Further highlighting the importance of mobile security, the same study tells us that nearly 60% of security leaders describe their organizations as either partially or fully mobile. A 2016 Spotlight Report estimates that roughly 40% of organizations have made BYOD available to all employees and 9% plan to offer it in the next 12 months. So what does this mean? Companies have found that employee mobility and flexibility, tech cost reduction, and increased productivity are all benefits of BYOD, but are there implications of this unique IT business model?
Mobile Security & Potential Data Leakage
Of the various BYOD security concerns, data loss and increased data leakage sits at the top. Security leaders, CIOs and other IT decision makers are haunted by mobile app downloads and external wireless connectivity as it exists outside organizational security protocol. In fact, an HP study explains that 86% of these mobile apps lacked basic security protection which provides a gateway for hackers and could easily lead to malicious activity on the business functionalities of your mobile device. Because you host both personal and business data on your smartphone or tablet, you may have unintentionally exposed private data and this leads to yet another security issue!
User Carelessness (Unintentional)
It is highly likely that your attention to security detail does not change simply because you hold business data on your own mobile device – users don’t reflect on the consequences of deficient security hygiene. A cringing moment… up until the most recent smartphone updates, there was no password requirement which poses a significant problem on lost or stolen devices. A nickel’s worth of advice: Invest in Enterprise Mobility Management; this set of systems allows IT and security managers to monitor mobile devices and prevent unauthorized access to enterprise applications and company data.
Requires Additional Resources
In an attempt to prevent complications related to the first two issues, companies are obligated to spend more money to protect mobile hosted enterprise data. Regulatory fines are also a negative consequence relating to mobile threats and now organizations are forced to modify the overall infrastructure to meet the security demands of the mobile workforce. The 2016 Spotlight Report claims that 35% additional IT resources will be required to manage their mobile security programs. These costs are pinpointed at increased workload, malware and data loss – what a surprise…
Despite the fact that companies must spend more money to protect mobile hosted enterprise data, the additional resources spent are well worth the security protection. A prominent healthcare organization, Oregon Health & Science University (OHSU), recently reached a $2.7 million settlement for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) after an investigation by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) uncovered critical security errors at OHSU, according to the U.S. Department of Health and Human Services. OHSU suffered multiple data breaches that put thousands of individuals’ personal information at risk. The major reason for these breaches was due to OHSU’s violation of HIPAA compliance by storing the electronic protected health information (ePHI) of over 3,000 individuals on a cloud-based server without a business associate agreement. The case of OHSU should be a warning to all organizations that security vulnerabilities must be remediated, especially with cloud-based servers and mobile hosted enterprise data.
As we continue our series of posts on security awareness, NuHarbor hopes to enlighten our readers with security best practices and industry advice on the different areas of vulnerability. Stay tuned for our next post!
