There is a double-edged sword in the workplace that IT personnel feel they must either learn to wield or impale themselves on – BYOD (bring your own device) programs. Employee-owned mobile devices are as useful as they are potentially devastating to enterprise data security solutions, so while more businesses may deploy these intiatives, mobile devices remain a major nightmare for many management professionals.
On the one hand, there are the cost savings associated with mobile deployments. Less facility upkeep, more remote working, higher levels of productivity and more employee loyalty when they're given the freedom to set their own schedules and work at a different pace, and all at no extra cost to the company. The downfall is when endpoint security becomes an issue. Seeing as BYOD is driven by employee-owned devices, work is not the only activity these tools are used for, which could result in an increased likelihood of malicious targeting and hacking. It can be difficult to find security solutions for every kind of user, especially when every platform poses its own risks.
A mobile mess
There are trends that IT professionals should be mindful of when preparing a comprehensive data protection plan. For those working with BYOD constructs, knowing which tools are most likely to be targeted and by what kind of attacks can help a company plan ahead for the inevitable intrusion attempts likely to spawn from certain devices.
One of the newest threats on the mobile landscape is currently a sleeper, according to Hot For Security. The source stated that the bug focuses on Android phones, a likely target, seeing as it currently makes up the majority of the marketplace. The fake app installs itself on a user's mobile device and masquerades as the Android Store, though it doesn't function in any way like its icon indicates.
The entire purpose of the application is to track the device at all times, remotely connecting with a server and pinging the location every few seconds, according to CSO Online. Researchers are not yet sure what this software is intended to do, as it doesn't seem to execute any other sort of malicious attack, but the fear is that it could be paired with other spyware in the future.
CSO Online reported that a Juniper Networks review last year found Android attacks increase nearly 200 percent every year, meaning IT professionals should take a hard look at employees within the organization looking to use these tools as primary devices for work.
Focusing on the defense
Finding smarter ways to battle hackers is key for data protection. Seeing as there's no way to stop every attacker at the gates, server security should take precedence to protecting an individual user's device, as it's entirely possible that unregistered smartphones and tablets could still be trying to legitimately gain access to company information without IT professionals' knowledge.
Computerworld reported for CIO that it's better to think about the situation as company-owned versus consumer-owned. A business should take ownership of its devices the same way it does its data, instituting the same rigid practices and safeguards to secure its investments and business continuity. However, in a BYOD landscape, a company can execute less control over who tries to access its servers and when, and with limited access and authority over a privately owned device, there's no way to effectively maintain that instrument.
An online security study published by Computerworld found that nearly 60 percent of respondents were using some sort of enterprise-level mobile application to access their corporate networks, with more stating that these tools will likely expand within their organizations in the near future. Businesses need to take adequate steps to protect themselves from employees as well as third parties before implementing these solutions. Even though mobile devices are geared at improving efficiency while cutting expenses, they could result in a costly loss.
