Mobile Shopping and BYOD Security

Employees and employers alike prefer to think of their private lives as distinctly separate from their professional ones. While this is an admiral ideal, the advent of newer and cutting-edge technologies have made this all but impossible. One of the newest ways that the professional sphere has started bleeding into the personal (and vice versa) is with the advent of BYOD, combined with the inherent dangers of shopping from a smartphone.

Initially, the two may seem wholly unconnected. Who cares what employees do in their free time, right? Unfortunately, once an employee has downloaded work-related information onto their smartphone, a breach of their personal security can suddenly put their employer’s privacy in jeopardy as well. And, if the most recent holiday sales trends are anything to go by, this is a problem that businesses will be seeing more and more of.

According to reports made by the National Retail Federation (RNF), the 2016 holiday season was filled with consumers buying products from their smartphones. Some quick numbers to give you an idea of the marketing landscape as it pertains to smartphones:

  • Shoppers, even business professionals, showed little to no care about reselling their old phones without giving them a proper data wipe.
  • Shopping done via smartphone reached an all-time high in 2016, despite the dangers that information may be stolen from a smartphone. Notably, 62% of these purchases were related to buying and selling other smartphones.
  • Despite confirmed security weaknesses, Android users continued to use factory resets in place of data wipes before selling their old smartphones.
  • When polled, most mobile shoppers said they would accept an employer-backed data wipe of their old smartphone for security reasons.

There are clearly some positive and negative aspects to these findings, but it’s wise to first look at what, if any, dangers mobile shopping can present to a BYOD work environment. Mobile shopping is an ever-growing market, so what kind of security can shoppers expect to receive from their favorite digital sellers?

The State of Mobile Shopping Security

There are millions of mobile apps dedicated to making shopping via smartphone quicker and easier than ever, but these advances don’t mean that the process has become any more secure. In fact, thanks to new mobile attack vectors like improved malware, jailbroken and faulty devices and unsecured Wi-Fi networks, the process of shopping from a smartphone may be more dangerous than ever.

According to findings by Consumer Report, the most common causes of mobile security breaches are through “free” applications that secretly scan a phone’s photos, browsing habits and can even read and send text messages from the user’s smartphone. Google Play and the Apple Store have found hundreds of malware-laden applications and deleted them, but users have to wonder if it’s possible to catch and remove every malicious application.

At this point, you’re probably wondering what security measures are being taken to stop these rampant security risks. Unfortunately, the vast majority of shoppers don’t seem too concerned with the state of mobile data security. From their perspectives, all the information about data security and smartphones is just senseless worrying with no basis in reality. For organizations with a BYOD policy wherein employees use their smartphones to access private information, this disregard for mobile security should be extremely alarming.

The Connection

As previously established, the private sphere of life is no longer separate from the professional. BYOD is one of the hottest trends in the workplace due to its convenience for employees, but it’s nothing less than a security nightmare for employers. While employees require access to private information to perform their duties, there’s no inherent guarantee that the data will remain secure on the employee’s personal device. As an organization, you can invest all the money you like into your data security only to have it all unraveled by something as simple as an employee downloading the wrong application, and that news should be taken seriously.

The most recent study from the Ponemon Institute found the average cost of a data security breach to be $4 million. With numbers like this, no organization can afford to blindly accept the risks that come when mobile shopping combines with BYOD. Given the popularity of BYOD, however, there’s no effective way to stop employees from using their own devices to complete on-the-job tasks. With outright refusal to adopt BYOD practices off the table, what options are left to you as an employer who wants to keep their data security tight and stay current with BYOD policies?

Managing BYOD to Minimize Risk

Creating a BYOD policy will greatly enhance your resistance to cyber-attacks, but doing so is a multi-staged process. While creating such a plan will require an investment of time and energy, the rewards can be substantial. With a proper BYOD management protocol, your data security will remain secure regardless of what your employees download onto their personal devices.

Let’s start at the beginning, with what considerations you should make at the outset of your drafting process.

  1. Clear and Actionable Guidelines

As you begin drafting your BYOD policy, you’ll want to focus on creating a strategy that is both clear and enforceable. The idea of a BYOD plan is for your organization to have a clear plan of action for maintaining security where employees use personal devices, and that’s not going to be possible if your policy is murky or unactionable

For this reason, one of the most common first steps is to create BYOD policy agreements and require the signatures of employees who wish to use their personal devices for work. This way, everyone is on the same page about what is expected of them and knows that they’re responsible for protecting the private information while it’s on their devices.

Now that you have the guidelines for how you should be creating your policy, what kinds of things should you be including on this plan?

  1. Grant and Restrict Access

One of the first protocols you’ll want to establish is who has access to what information. In your BYOD policy, ensure that you’ve fully explained who can use personal devices and what information they’re allowed to access with them. Who has clearance to access private projects from their mobile device? In what situations can personal devices connect to your organization’s network? By clarifying who can access your private data, you’ll be well-suited to minimize the danger to your more sensitive information.

There’s no better way to stop data from being stolen than to not allow it outside your data security parameters in the first place. That said, sooner or later an employee will need to access private data from their mobile device. How can you keep your data secure in that situation?

  1. Destroy Data Before Reselling

Just because you allow employees to access data from their personal devices doesn’t mean that your information has to stay there. Recall the findings of the RNF’s study; most mobile shoppers reported that they would happily allow their employer to wipe sensitive information from their old smartphones. Given that this is such a popular attitude, there’s no reason for your business to not make the most of this situation.

Say that an employee has been granted clearance to use a personal mobile device to access private information, but has now decided to sell their old hardware. Without a proper data wipe, your organization’s secrets will remain on that smartphone and be readily available for the next buyer. By offering free data wipes for employees, however, you can shut down this potentially disastrous data security risk.

Of course, not all data wipes are created equal. As you weigh your options, consider using ClaraWipe to remove unwanted data from your employees’ used smartphones. ClaraWipe is internationally accredited and remarkably user-friendly, which is precisely why it’s so popular with businesses in need of reliable data destruction.

Regardless of what data wipe you use, inform your employees that you’ll happily wipe data from their for-sale smartphones. In fact, you’ll find that keeping your employees aware of their impact on your data security to be one of your best means of defense.

  1. Educate and Maintain

All of this is great for general BYOD, but how does it relate to shopping from mobile devices and their impact on data security? What can you do to stop employees from downloading potentially dangerous applications that could compromise your organization’s security?

The bad news is that there’s no magical solution that will stop your employees from downloading malware or accessing rogue Wi-Fi connections. The good news, however, is that your employees are most likely intelligent and willing to learn about these potential dangers. By setting up a system where your employees are routinely educated about how to protect themselves from data security threats, you’ll also be educating them about how to protect your organization.

Education is not a one-time occurrence, which is why it’s essential that your organization maintain this practice to keep employees on the cutting edge of data security. By informing them about simple dangers like malware-infested shopping apps to the risks of jailbreaking their devices, you can protect your own data security while acting in the best interest of your employees. Without putting too fine a point on it, that’s a huge win-win scenario.

The Big Picture

Creating a BYOD protocol is a multidimensional process, but it’s one worth investing in. For most mobile shoppers, they’re actively participating in a dangerous system without even being aware of it. By following these guidelines, you’ll be able to better protect both your organization and your employees from the risks presented when BYOD combines with mobile shopping.

References:

"Cell Phone Security | Wireless Threats - Consumer Reports." Cell Phone Security | Wireless Threats - Consumer Reports. June 2013. Web.

"Holiday Forecasts and Historical Sales." National Retail Federation. 2016. Web.

"How the smartphone changed everything, or, the rise of BYOD in the workplace." Ars Technica. 23 Jan. 2016. Web.

"News & Updates." Ponemon Institute and IBM release the 2016 Cost of Data Breach Study - News and Press Releases. Web.

Clarabyte ClaraWipe Clean Hard Drive Clear All Sata Complete Data Removal Cyber Security Data Destruction Data Removal Verification DBAN DoD 5220.22-M e-steward e-stewardship FACTA GDPR GLBA HIPAA HITECH ISO 27001 NIST 800.88 PCI DSS PIPEDA r2 Remove Data from Hard Drive Remove Data from SSD Secure Data Removal SOx Verify Complete Erasure Wipe Hard Drive

← Older Post Newer Post →