Mar 14, 2014

The influence of mobile hardware is becoming stronger as more enterprises adopt bring-your-own-device policies and integrate the equipment into everyday processes. While the mobile movement has significant benefits, it also has risks that must be evaluated before diving in. Mobile security and the increasing sophistication of malware are becoming worrisome for many businesses, and it will be necessary to establish security measures to mitigate these threats. Through these means, organizations can assert better mobile access control and protect sensitive information from leaking out.

While there was substantial hesitation at first to accept BYOD – in some cases there still is – more companies are beginning to realize the potential value the trend could bring. According to HR Magazine, nearly half of organizations are now allowing their staff to use their personal devices in the workplace. Although only 38 percent of employees are leveraging their mobile hardware for business communications and accessing corporate information, the number is steadily growing. This shows that despite the potential risks that mobile initiatives may bring, the advantages cannot be ignored. However, in order to get the most out of the mobile effort, companies will need to develop a security strategy and a device use policy.

Sophisticated threats target phones
Smartphones are a popular choice for mobile file sharing across the organization, but the hardware is experiencing more threats. IDG News Service writer Jeremy Kirk noted that third-party marketplaces, especially for the Android platform, are coming out with more risky programs that may look like legitimate applications, but have been tampered with to send information and passwords to the attacker. The danger is more prevalent in Android due to reviewing processes that can allow malicious software to enter.

Even with a new device, owners aren’t safe from malware. Imported hardware is a target for viruses and other malicious programs, installing bundles of data-stealing applications on the equipment. Because these groups of software are not tested well, people may purchase a device that has preloaded malware on it that could remain undetected for years. With this advanced risk, it’s more important than ever for businesses to enforce protected practices like secure file sharing and encryption to keep information safe.

Taking responsibility for protection
While many organizations have established ways to thwart these threats, employees still don’t observe appropriate security practices. According to a survey by Absolute Software, a quarter of U.S. workers noted that data security isn’t their problem, and that there should be no punishment if they lose or leak company information. In addition, nearly 60 percent of participants valued their data at less than $500, further showing that they don’t understand the full impact of data on business processes. It costs U.S. organizations about $200 for each record that is lost or stolen, ITWorld stated. Although this may seem a small price to many larger companies, most breaches don’t take just one file, as thousands are often compromised in a single attack, which racks up a substantial fine to recover.

“The data may be carried around in the employee’s pocket, but the half million dollar fines we’ve seen levied due to data loss come out of the company’s pocket,” mobile enterprise data expert Tim Williams told BetaNews. “Clear policies, properly articulated to employees, will ensure that the entire company, not just IT, unites against mobile data loss.”

Data loss is becoming more of an issue for organizations as threats evolve. By using encryption and gaining file oversight, businesses will be able to mitigate risks and allow staff to use their mobile hardware effectively.