Some recent reports have tried to downplay the “mobile threat” by saying mobile malware has not been a significant contributor to data breaches. Unfortunately, this oversimplifies the mobile problem by assuming that malware is the only threat vector on a mobile device. In reality, mobility amplifies the risk of a data breach from many angles.
A recent survey by Phoenix in the UK shows that over half of UK workers (nearly 60%) over the age of 18 are using mobile devices and tablets in the workplace that are entirely unmanaged by their organization’s IT department. These BYOD devices are connecting to the corporate network, are accessing corporate data, and in themselves contain many risk points that could compromise corporate data security. If a device is lost, not only will IT not know about it, but it will also have no tools at its disposal to locate the device or remove sensitive information.
It only takes one missing device, one use of insecure WiFi, one compromised password, one click on a phishing email (and so forth) to compromise the entire corporate network. Do you trust your employee to use a different password for Twitter than for corporate network access? Such connections compromise the network in non-linear ways. Is there going to be an obvious connection between a specific incident on a mobile device and a data breach? Not always, but we think the risk is obvious.
Through training and policy, employees need to be made aware of their role in protecting corporate data. Technology and process can help protect corporate data from being used on non-approved devices and can help enforce stronger security practices on approved devices. Our BYOD Policy Implementation Guide can walk you through everything you need to know to legally secure and manage employee-owned devices.