Blog
In the press: How breaches are paving the way from BYOD to CYOD policies
December 4th, 2014
Cyber-security has returned to national front pages again this last year. Heartbleed & CyberVor are now common terms, whilst high profile breaches of the likes of major digital retailers eBay and Apple raise very big questions about security in the digital age.
What does this mean for field service companies who not only hold vast amounts of customer data, making them prime targets for hackers, but are also moving their mobile workforces swiftly to a digital environment where they can reap the rewards of better productivity.
As news broke of the World’s largest-ever data theft conducted by the Russian cybercrime group dubbed CyberVor we once again turned our attention to the question, “are our companies safe from cybercrime?”
All businesses with a digital presence waited with baited breath to learn if their users were affected by this reported attack. In some quarters people denied that an attack of this magnitude was even possible and questioned the validity of the claims, others saw it as a defining moment demarcating the size of risk we all face today.
“It’s a nasty reminder of the cyber risk threat which organisations face in 2014 and the need for boards to be prepared for attacks such as this.” Commented James Mullock, Partner at law firm Osborne Clarke.
Daniel Hedley, solicitor and technology specialist at Thomas Eggar LLP agrees, “From a business perspective, the key issue here is simply this: Who has your data? How much do you trust them to keep it safe? Businesses can face significant legal and reputational risks when they lose data, both under data protection legislation and under contractual confidentiality obligations such as NDAs. It’s therefore very important for businesses to know where their data is.”
Of course, perhaps the highest profile security breach in recent months is the failure of Apple’s iCloud, which even left a dark shadow over the launch of the latest iPhone.
Robert Rutherford, CEO of IT consultancy QuoStar commented: “The theft of personal photos from celebrity accounts has focussed the spotlight on the company’s approach to security, and has raised concerns”
“The problem is that whilst dispensing token security improvements with one hand, Apple has denied any responsibility for the breach with the other. The resulting image is one of a company that deliberately avoids transparency around its security practices and glosses over its mistakes.” Rutherford continued.
But whilst leaked photographs of naked celebrities doesn’t instil confidence, Apple’s iCloud is a consumer based storage so how does this impact the business community?
Businesses can control these risks, while still maintaining many of the benefits of cloud storage services and BYOD, by deploying a combination of technical measures preventing unauthorised uploading of business data.
As Hedley explains “While it is true that businesses will not generally choose a consumer-focused cloud service such as iCloud, in this age of staff using their own devices for both work and personal use, it is very easy for confidential business data to end up being uploaded to these services, without the IT department or senior management finding out about it until it’s too late. iCloud, in particular, can be problematic in this area because Apple’s devices will often back up everything on the device to iCloud by default.
“From a hacker’s point of view, a failure of iCloud brings richer pickings. There would be a lot of work involved in hacking into many individual machines whereas a security hole in iCloud would mean that millions of pieces of information would become available at once.” Professor Mike Jackson from Birmingham City University stated.
“Whenever you place information on a computer, that information becomes less secure. If you connect a computer to the Internet then the security risk grows. If you store information on a cloud service then you rely completely on security measures of the service provider. Once in the cloud, it’s these security measures which make the difference between privacy and the whole world being able to access your documents and pictures.”
Unregulated BYOD is an issue facing IT professionals the world over. As Matt Newing CEO of unified communications provider, Elite states “IT teams worry about losing control of IT, as employees all over the business connect personal devices to the company network, download software and applications and turn to cloud services”
Hedley added, “Businesses can control these risks, while still maintaining many of the benefits of cloud storage services and BYOD, by deploying a combination of technical measures preventing unauthorised uploading of business data (using technologies such as MobileIron) and user education.”
Recent research from Samsung found that 47% of UK companies had a work handset lost or stolen in the last 12 months. Almost a third of CTOs were however unaware of the number. Alongside this, a global survey of CIOs by leading analyst Gartner found that as many of 38% of companies plan to stop providing their workforce with devices at all by 2016.
“Laptops, mobiles and tablets can cost many hundreds of pounds per year for each employee, so BYOD has become very attractive. However, far from enjoying the flexibility and lower costs, companies that rush into BYOD without a strong policy face considerable risks,” said Hardeep Singh Garewal, President – European Operations, ITC Infotech.
“For unprepared companies, a lost or stolen device represents a catastrophic security risk, with the potential cost to their business far outweighing the savings. There are many solutions available, but we see many companies failing to implement a clear policy on keeping track of work devices. This hinders them from acting quickly to prevent breaches,” adds Garewal.
However, the new movement towards Choose Your Own Device (CYOD) offers an alternative solution that addresses both security and personal data concerns. This approach ensures the company retains full ownership of the device, removing uncertainty in safeguarding information on the device, yet still providing user freedom.
Garewal concludes: “While CYOD means the company must ultimately foot the bill for the device overhead and support, the level of control and assured visibility vastly simplifies issues around privacy and security. However, whether they use BYOD or CYOD, companies encouraging flexible working must ensure they are prepared to deal with imminent risks or spend all of their time fire-fighting to avoid major crises.”
Source: Field Service News
NEXT>> 10 quick ways to stop BYOD from being a burden
Public, Private, or Multi-Cloud: Getting the right mix for your business
For many businesses, the challenge with IT generally and with Cloud specifically, is one of complexity and choice. There are simply too many options to choose from, leaving firms uncertain about how to make good strategic choices. Competitive pressures, cost control and a need for businesses to be more agile and responsive are all good […]
4 essential things to do before you outsource your IT project
In today’s blog, we will be discussing four things you should do before meeting with providers to who you will potentially outsource your project to. 1. Determine your goals first Whilst you may think you need to have an extremely detailed project plan before approaching providers, you may end up missing out on expertise. A […]
Which type of IT support is best for my business?
One of the easiest ways for companies to gain other business efficiencies is to outsource part, or all, of their IT to a managed services provider. There are many options available and in today’s blog, we will discuss what each one will typically include. While the exact names may vary dependent on the provider, the following […]