Endpoint Data Security: An Important Issue Worthy of a Second Look
Earlier this month, Forsythe Solutions Group, Inc. published an article entitled: ‘Mobile Device Security in the Workplace: 6 Key Risks & Challenges’. In it, the authors assert that mobile devices such as iPhone and Androids are the constant companion for many modern employees. This allows the employee to keep emails, updates and calls within arm’s reach (or closer) at all times.
The widespread and ubiquitous integration of smartphones and tablets into our daily lives has created an environment where hackers are taking every opportunity to gain access and steal user data. The common perception is that these smartphones and other mobile devices are secure by default – this is a potentially dangerous and costly misconception. If a user fails to take the necessary security precautions, which they may or may not be fully aware of, this could leave the endpoint device vulnerable to a cyber-attack. As the Forsythe Solutions article points out, “With the right (inexpensive) equipment, hackers can gain access to a nearby mobile device in less than 30 seconds and either mirror the device and see everything on it, or install malware that will enable them to siphon data from it at their leisure.” And THAT is scary.
What this all means for business owners is that their data now extends far beyond the protection of the company’s firewall or servers. If trends continue as they have, a significant and growing percentage of corporate data will go directly from employee endpoint devices to the cloud. Now is the time for all business owners to recognize where their data is, who has access to that data, and where it is going.
Forsythe Solution Group lists the key risks and challenges of mobile device security as:
Physical Access – where the device is located and if it becomes lost or stolen, experienced hackers can retrieve sensitive information even when the endpoint device has been “wiped” or reset.
Malicious Code – this includes spam, phishing, weaponized links, and rogue applications or code sent via text. Check out This Text Message Will Crash Your iPhone
Device Attacks – designed to either gain control of the device or function similar to DDoS attacks on PCs
Communication Interruption – the key points of weakness here are Wi-Fi networks. Wi-Fi hacking and man-in-the-middle (MITM) attacks are considered to be relatively easy to execute. Also, criminals can potentially intercept and decrypt cellular data transmissions.
Insider Threats – whether accidental through the misuse of personal data sharing services or malicious through the unauthorized transfer of corporate data, the potential for insider threats will persist within many business environments.
Business owners must recognize the potential for data breach/data loss and take proactive steps to minimize these threats. This can be accomplished through communication, education and training of employees. Other factors to include are top-down policy creation and program implementation, thorough risk assessment, as well as monitoring and evaluation conducted on a regular basis. As the old saying goes, “Failing to plan is planning to fail.” And that is something we all want to avoid!
Note: All trademarks, service marks, trade names, trade dress, product names and logos appearing on the site are the property of their respective owners.