Today, it is easier to work from anywhere, thanks to the increase in the number of high-quality Wi-Fi connections. Even just a few years ago, the fixed desktop with an Internet connection was still the norm. Today, company staff no longer need a permanent desk, as various mobile devices enable them to work in different locations. Mobile staff can share data with their coworkers – but it is imperative that this process is secure.
Accessing your data – from any location
The physical whereabouts of data is not the only aspect of work that is becoming more flexible. Bring Your Own Device (BYOD) is customary in many areas today. Personal computers, tablets and smartphones will need to be incorporated into the network of the business, if staff are going to be able to work on the devices they are familiar with. However, each member of staff may be working with company data on their own personal device, which presents unavoidable security risks. These devices could have security vulnerabilities that enable unauthorised people to access the data – or even the corporate network.
But it is possible for staff to work on their own devices without compromising company data. First, the company should ask itself the legal questions, such as “to what extent are employees allowed to access internal network services?” and “can they work with and save company data on their devices?” The firm may also want to introduce technical security measures. In these cases, it needs to guarantee security wherever the data is being used and stored, as well as securing the data transfer itself.
For instance, a company could specify that the only permitted devices are those that access the internal network. This can be done by using secured VPN connections and encrypted hard disks. The company could also limit access to certain services, meaning that users’ devices would act as a terminal for a dependable cloud application that gives staff a secure dataroom.
Are ‘practical’ applications secure?
The use of apps that are in widespread use on mobile devices is a particularly sensitive point. A large proportion of the free, business-oriented storage applications promote the fact that they offer modern file management, a competitive amount of storage space and that documents are centralised in the cloud. Then you have so-called productivity apps that let users draft ideas, collect information and make notes to share with and work on with colleagues.
But are these cloud applications secure? Who can access the cloud servers and the data stored on them? Is the data transmission secure between the mobile device and the cloud computer? And is the app only using the data it really needs?
Recent research results show that these are justified questions. Researchers at the Fraunhofer Institute for Secure Information Technology (SIT) found that companies’ security requirements are not met by three-quarters of the most popular businesses. IT specialists at Germany’s University of Bremen found that many apps command more permissions than they actually need. 91 per cent of the 10,000 most popular Android apps tested by researchers at the Fraunhofer AISEC institute require permission to connect to the Internet – without telling the user why. Most of the apps tried to send personal data to servers globally, as soon as the app was launched (without asking the user!) – two-thirds of which sent the data unencrypted.
So what can be done by companies and users to control this unwelcome data leakage from mobile apps? The four main mobile operating systems were examined in a new study by DIVSI (the German Institute for Trust and Security on the Internet). It concluded that apps running on a typical Android operating system have the most flexibility in terms of accessing data, whereas iOS and BlackBerry users can remove access permissions from the apps and restore them later as required. This option is not offered by Android or Windows.
These restricted control options show that companies running a BYOD strategy must treat it as urgent to provide staff with a secure collaboration and communication tool.
How likely is data misuse?
The risk of data misuse is significant. Losses to German business sit at €11.8 billion per year, estimates a representative survey on industrial espionage by management consulting firm Corporate Trust. Two years ago, the approximate figure was only a third of what it is now. “We’re probably already in Cybergeddon,” says the study leader Christian Schaaf. “We can only hope that companies react soon and implement the appropriate security measures.”
Half of the 6,800 companies surveyed said they had fallen victim to a hacker attack on their systems. And 41 per cent had discovered eavesdropping or interceptions on their electronic communications. Customers or partners asking staff leading questions to extract information was the third greatest risk at 38 per cent, and at fourth place with 33 per cent came data stolen by businesses’ own staff. Worst affected of all are innovative midsized companies – yet midmarket firms have inadequate awareness of the risks and few of them employ an effective protection strategy. Some companies are starting to respond by separating private and business use on mobile apps. That’s a significant step but is not adequate to protect documents.
What alternatives can businesses offer their staff?
Information security is achievable in the cloud as elsewhere, but it requires a series of measures to be employed. In view of the precarious situation at hand, it is vital for companies to make their staff aware of the risks and offer them secure applications. Employees should never be tempted to find a time-saving or more practical workaround – such as quickly sharing a document on a popular but non-secure application. This means that the security tools companies provide must meet all the principal usability standards for security and reliability, as well as convenience and flexibility.