The Cybersecurity Risks of BYOD : Are You Taking the Right Steps to Protect Your Company?
By David Freidenberg, CEO, POMM
Major companies are moving away from the once-required Blackberry work phone, and are instead encouraging employees to use their personal Apple or Android devices under an operational management structure called Bringing your own Devices(BYOD). This corporate IT strategy has become increasingly prevalent, particularly on Wall Street due to the opportunity for decreased capital expenditure. In fact, market researcher Gartner, predicts that 85 percent of businesses will have some kind of BYOD programs in place by 2020. In addition to the benefit of decreased capital expenditure, consumer devices are often so sophisticated and powerful that they give employees the ability to perform far more effectively in their work roles, which provides the advantage of business continuity. Further, businesses save money by not having to employ, equip and maintain an increasingly mobile and IT workforce with the expensive devices the staff need to best conduct their jobs.
Unfortunately, the BYOD trend has brought with it a slew of potential security risks, which are coming to center stage during a period of heightened awareness about the use of endpoint portable devices—such as smartphones—in the business world. The first of these risks involves the act of storing sensitive corporate data on smartphones; namely, if those phones are lost by users or are stolen from users, then the devices’ stored data can be accessed and misused by whoever winds up with it. Even if employees manage to keep their phones safe, they may occasionally lend them to friends or family members, who can stumble upon the sensitive data they contain.
“The BYOD ecosystem supports the needs for secure, safe, encrypted data exchange communication solution while operating through open cellular and internet communication”
Aside from the phones themselves, a second potential risk concerns the unsecure way in which data are transmitted to and from these devices. The problem of unsecure Wi-Fi connections was spotlighted in a recent large-scale survey of security professionals worldwide, conducted by Crowd Research Partners. Among the host of security concerns expressed by those polled, the number one response was data leakage/loss from mobile devices.
Speaking of the data transmitted and stored by smartphones, a third potential risk comes from the fact that many of these data items are unencrypted. Although The Atlantic recently reported that
Yet another risk involves the legal concerns that accompany BYOD. It is conceivable that a situation may arise when there is a suspicion of a breach or in case of an employee leaving or forced to leave the organization. But to what extent can a company justify retrieving the information on an employee’s phone without threatening his/her personal privacy? Where does the boundary lie between corporate and personal information when stored on a phone?
So how do we fix this? With a few technological advancements, companies could be able to take advantage of BYOD’s benefits without risking corporate and employee security.
One unique solution offering BYOD —known as POMM (Privacy On My Mind)—is based on a patented, hybrid, secure protective add-on case for smartphones. It also features a complementary, secure capability serving as a smart biometric e-token for secure remote data exchange. Designed to serve private users and their employers, the device allows hardware-based, isolated, secure data storage, data exchange and communication. The technology also incorporates a secure advanced permission-to-entry module that employs state-of-the-art biometrics—face-recognition authentication, identifying only the legitimate user in order to get access to the stored data and to operate the POMM device.
The POMM solution physically integrates the user’s smartphone with the POMM add-on case. All encrypted, stored data is managed through the POMM’s operational icons-based menu-supported capabilities—supporting both the user’s and employer’s needs for a secure, reliable smartphone. This BYOD solution makes possible a safe and secure, encrypted, employee and remote employer enterprise resources data exchange and management capability. In parallel, it is also consistently updating and managing the user’s privately owned, secure, stored data depository, thus acting to separately secure the user’s private data, as well as the employer’s enterprise-related sensitive data. The data may either be residing encrypted on the POMM-secured mobile device or remotely. The POMM BYOD also facilitates highly secure data communication management through a set of dedicated servers, creating for the POMM employee user a safe and secure encrypted communication link with the employer’s enterprise resources and management tools.
The POMM technology incorporates multiple functions. It is designed to protect personal photographs and videos gallery. All notes, passwords, emails and calendar data are kept private as well. It ensures that contact information remains private and offers both secure messaging and secured dialing, eliminating the smartphone’s call log. These features are in addition to its benefits for professional users, including protection and organization of private documents.
The BYOD ecosystem supports the needs for secure, safe, encrypted data exchange communication solution while operating through open cellular and internet communication. This technology is therefore well-geared to serve the BYOD-sensitive data exchange needs of employees and employers for their daily work, well combined with all employers’ enterprise IT-related staff management tools and data maintenance support tools.
Keeping pace with the risks that a BYOD strategy brings to the corporate environment can be a struggle for many organizations. With this new concept, the organization can have full control of the enterprise data that is on the employee’s device and can erase the organizational data when needed. The POMM provides a new hybrid dedicated hardware and software-based technology that protects mobile devices containing employers’ sensitive enterprise data; at the same time, it respects employees’ concerns over the privacy management of their own personal information. This approach is a must in the years to come.