User Blogs

User Blogs

Discussions and Blogs

Jul 27
2012

“BYOD”? Mobile Security Tips for Small Businesses

Posted by: Robert Siciliano in MyBlog

Tagged in: BYOD

Robert Siciliano

Many employees have come to expect that they should be able to use personal smartphones and other mobile devices at the office. This creates problems for IT managers. A company’s IT staff may have a solid grasp on company-issued laptops, desktops, and even mobile phones, but it is almost impossible to control the results when employees begin connecting various types of personal devices to the company’s network. When you get that brand new Droid, load it up with apps, and then plug it into your work PC in order to update or sync necessary files, your company’s IT guy has to worry about whether that last app you downloaded might infect the entire network.

A study by ESET/Harris Interactive found that fewer than 10% of people who use personal tablets for work have enabled auto-locking with password protection. Only one in four secure the personal smartphones they use for work, and only one in three adequately protect their laptops. With well over 50% of employee’s personal devices left unsecured, lost phones, laptops, and tablets constitute a significant data breach risk.

Corporations that do allow employees to use personal devices at work have responded to this problem by implementing a BYOD (“bring your own device”) policy to help IT staff manage these devices and ensure network security.

So, what’s the difference between personal and employer-issued mobiles in the workplace? The short answer to this question is: there is no difference.

A smartphone provided by your employer requires a “company mobile liability policy.” This means they not only provide and pay for your mobile device, they also dictate what you can and can’t do on the device. In many situations, the employer may have remote capabilities to monitor activity and, in the event of loss or employee termination, wipe the data.

“Employee mobile liability policies” are for employees who prefer to BYOD. While these employees may pay for their own devices and their monthly data plans, but the same restrictions can (and should) be imposed on employees who use personal devices at work. If you choose to use your personal device for work purposes, at any time, for any reason, your employer will more than likely want control over that device. This means that, again, your employer may have remote capabilities to monitor activity wipe your device’s data if it is lost or you resign or are fired.

In both situations, the employer will be liable for leaked data. So if you choose to BYOD, be prepared to give up some liberties.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 

Trackback(0)
Comments (0)add comment

Write comment

busy

Subscribe via Email

 Your Email:

Tag Cloud

2012 abduction Aberdeen Group alarm alarms Android Apple Apps ATM Skimming Audit Bank Fraud Banking Security BillGuard BlackBerry botnet BPM breaches BS 25999 burglar burglary Business Continuity BYOD change management cheating children pictures Cloud Cloud Security Cobit collaboration Compliance computer failure Consumer IT Tips contactless credit card credit card breaches Credit Card Fraud credit cards credit fraud Cross-Device Security Cyber gangs cyber monday Cyber Security cyberbullying cybercrime cybercriminal cybercriminals cybersecurity cyberwise data Data Backup Data Breaches data security Data Storage DDOS Device Reputation digital devices Digital Forensics digital life Digital Security digitally secure Disaster Recovery DNS download DPI driver's license dumps E-Commerce eBanking Electronic Discovery Electronic ESI electronic passport EMV Endpoint Security entity theft Epsilon ERM ESI Ethics Events Facebook FCC FCPA FDIC Federal Government FFIEC Financial Crisis firewall FourSquare Fraud gaming Gartner Geo-tagging gold farming Governance GPS grc GRC evaluation GRC Marketplace GRC technology readiness GRChange Green IT grey charges guard dogs Hackers Hackproof Hacktivism holidays home invasion home security Hotspot HP IAM iCloud id ID Theft Identity theft Information Management Information Security Information Supply Insider Threat Internal Audit Internal Controls internet safety iOS app iovation IP address iphone iPhone security ISACA ISO 27000 ISO 27001 ISO 31000 IT Alignment it compliance it governance IT GRC Forum Events it risk management IT Security IT Service Management ITIL jailbreaking Jobs keylogger laptop security Litigation Malware marathon mCommerce Member Discount Mobile Mobile Apps Mobile Banking mobile device Mobile Device Management Mobile Devices Mobile payment mobile phone mobile security Mobile Wallet mSecurity Multi-Regulatory Compliance multifactor authentication myblog Network Security New Years NFC NFC app Online Backup Online Banking online dating online gaming online identity online privacy online safety Online Security online shopping Operational Management OSHA Outsourcing P2P Security Panel Partner Offers passport passwords PCI Performance Management personal data personal device Personal Security pheasting phishing Policy predator Privacy Prize Draw QR Codes ransomeware ransomware Regulation E remote access resume fraud Risk Assessment Risk Management RSA Rules safety tips scam scammer scammers Scams scareware Seasonal Security security apps security tips sext Shopping shredding skimming Skimming Fraud small business smartphone smartphones smishing Social Media social network Social Security SOX spammers spokesman Spyware SSDs Standards strangers Strategy tablets tax scams Tech tech support technology Threat Management Tokenization TQM Twitter typosquatting Virus VPN wallet web Webcast Q&A Wi-Fi WIFI WiFi password wireless
Banner