Guest commentary: “Bring Your Own Device” – Security Leaks for SMEs
14/07/2015 Peter May
Link to the article (http://www.computerwelt.at/news/technologie-strategie/security/detail/artikel/111842-gastkommentar-bring-your-own-device-sicherheitsrisiko-fuer-kmu/)
The dual-purpose use of smartphones and tablets for personal and business purposes helps make the workday less complicated. However, the BYOD (bring your own device) culture carries underestimated security risks for companies, as hackers benefit from the growing functionality of mobile devices. Accessing another person’s most sensitive data is fairly simple. Yet it is particularly small and medium-sized enterprises that fail to adequately understand and respond to these security risks.
Business use, personal use, or both? Using a personal device for business purposes establishes mobile remote access to the company’s network. Despite the comfort and ease this provides, it also carries a number of risks. Apps provide gateways for malware such as Trojans, root exploits and spy software. To access data, hackers also frequently set up free Wi-Fi hotspots in public spaces. Insufficient security measures to protect your company’s data on handheld devices can compromise the entire enterprise, leaving it vulnerable to cyber threats.
Neither employees nor managers are aware of the risks mobile devices carry. SMEs seldom protect their mobile devices, which can cause severe damage to reputation and lead to financial losses. Whilst SMEs pay little attention to security, the number of virtual threats is on the rise, and the threats are becoming increasingly complex and difficult to resolve. Hackers are becoming more strategic, engaging in diversionary manoeuvres and leaving false fingerprints behind. Data can be appropriated silently, business networks can be manipulated and entire production processes can be brought under unauthorised control. Insufficiently protected mobile devices are the prime gateway for industrial espionage.
In most cases, a cyber attack is not even required to gain access to sensitive data. Lost or stolen mobile devices pose an equally high risk. Potentially sensitive business data can be easily accessed if mobile devices fall into the wrong hands. Ideally, data on business mobile devices should be remotely deleted.
How can businesses protect their data?
It is imperative that businesses keep up with technological progress in the security domain. The personal use of devices also used for business purposes demands the highest IT security standards. A variety of security software provides solutions for the protection of business data.
Fundamentally, in order to protect mobile devices, the use of an isolation or container solution is recommended. This solution splits the mobile device into two functional areas that operate in parallel: one personal and one business segment, uniting two devices in one. Employees can install apps for private use, which are no longer a threat to the business segment due to the explicit division between the two segments. Under the Mobile Device Management function the business segment can be designed and protected separately. Communication with the business network is possible solely via this protected segment.
One of the largest security gaps, the human factor, cannot be closed by technology. Therefore, the sensitisation and training of employees is imperative in order for businesses to be aware of threats and act preventatively. Security standards on smartphones need to be updated regularly and without fail by employees. Complex passwords are a basic requirement for IT security and should be changed periodically. Providing fitting IT solutions allows for high levels of data protection, which forms an underestimated but essential part of business success in SMEs.