Company Concerns: Why BYOD and Mobile Apps Don’t Mix
More and more companies are allowing employees to bring their personal mobile devices to work and connect to the company’s network. But this raises serious security concerns for IT departments. Apps that are not vetted by IT are making their way into the corporate network environment, overloading the network, causing bandwidth usage problems, and creating a security headache.
Research Shows Apps Are a Growing Threat
Applications such as dating apps, flashlight applications, and other seemingly innocuous apps are a major security threat. According to IBM, 26 out of 41 Android dating apps had medium or high security vulnerabilities that could compromise corporate networks and allow hacking, spying, or theft of important company data.
Malicious Apps Aren’t Always The Problem
Most companies’ CEOs mistakenly believe that only malicious apps represent a threat. The solution is simple – keep malicious apps off the network, right? Not so fast. Dating applications with security vulnerabilities can access data on the network and on the employees’ phones.
If phone data consists of corporate contact information, internal documents, and client case files, a serious legal liability issue arises.
What happens when apps start collecting data and then sending it back to the app developer for advertisers? In fact, this is a scenario that recently happened. A simple Android flashlight app was found to be collecting personal data from users’ phones and relaying it back to the app developer.
In the same report, IBM warned that, once an app has control over a device, it could activate the user’s microphone or camera, exploiting it while collecting sensitive and often proprietary company information during meetings.
When those apps are accessing the company’s network, they may also scour that network and collect data from other users, including upper management, who also access the network. Data sharing is common with many mobile devices, and two devices on the same network are presumed to be “friendly.”
This isn’t always the case, however, when an app is collecting data and relaying that data to third parties.
The legal liability extends far beyond just leaking internal documents and compromising proprietary information. In healthcare settings, it could violate HIPAA laws and create criminal liabilities for corporations.
Solving The Problem Involves Using App Readiness Best Practices
When a theft of data has been committed, this digital forensics company can nail down the culprit, but it can’t always recover the qualitative loss suffered by the company. Reputations have been ruined by little more than a preventable data breach.
The best protection is prevention. App readiness best practices is a new security protocol that could save companies millions of dollars in lost or compromised data, security breaches, and lawsuits.
Software deployment has traditionally been done server-side, with security managed at the device. But with BYOD, a new approach to security needs to be implemented – a cloud-based approach. Allowing users to access the network, but restricting access based on app usage, will help prevent security breaches.
Enhanced employee education will also reduce the number of incidents of an app trying to connect to a secured network.
Jared Stern is the CEO of Prudential Associates, a company focused on digital forensics and investigative technical project management. He has over 24 years of experience as a private investigator licensed by the Maryland State Police, executing and managing more than 2,000 computer-related investigations at every level, including clandestine activity monitoring in civil and criminal cases, recovery of stolen data and equipment, and computer forensics and eDiscovery on networks, desktop computers, laptop computers and cell phones. Mr. Stern holds Forensic Tool Kit (FTK) vendor-specific certification as an AccessData Certified Examiner (ACE). He has built and equipped an entire digital forensics laboratory now serving the Maryland legal community, local government agencies, and private clients.