In the press: How breaches are paving the way from BYOD to CYOD policies
December 4th, 2014
Cyber-security has returned to national front pages again this last year. Heartbleed & CyberVor are now common terms, whilst high profile breaches of the likes of major digital retailers eBay and Apple raise very big questions about security in the digital age.
What does this mean for field service companies who not only hold vast amounts of customer data, making them prime targets for hackers, but are also moving their mobile workforces swiftly to a digital environment where they can reap the rewards of better productivity.
As news broke of the World’s largest-ever data theft conducted by the Russian cybercrime group dubbed CyberVor we once again turned our attention to the question, “are our companies safe from cybercrime?”
All businesses with a digital presence waited with baited breath to learn if their users were affected by this reported attack. In some quarters people denied that an attack of this magnitude was even possible and questioned the validity of the claims, others saw it as a defining moment demarcating the size of risk we all face today.
“It’s a nasty reminder of the cyber risk threat which organisations face in 2014 and the need for boards to be prepared for attacks such as this.” Commented James Mullock, Partner at law firm Osborne Clarke.
Daniel Hedley, solicitor and technology specialist at Thomas Eggar LLP agrees, “From a business perspective, the key issue here is simply this: Who has your data? How much do you trust them to keep it safe? Businesses can face significant legal and reputational risks when they lose data, both under data protection legislation and under contractual confidentiality obligations such as NDAs. It’s therefore very important for businesses to know where their data is.”
Of course, perhaps the highest profile security breach in recent months is the failure of Apple’s iCloud, which even left a dark shadow over the launch of the latest iPhone.
Robert Rutherford, CEO of IT consultancy QuoStar commented: “The theft of personal photos from celebrity accounts has focussed the spotlight on the company’s approach to security, and has raised concerns”
“The problem is that whilst dispensing token security improvements with one hand, Apple has denied any responsibility for the breach with the other. The resulting image is one of a company that deliberately avoids transparency around its security practices and glosses over its mistakes.” Rutherford continued.
But whilst leaked photographs of naked celebrities doesn’t instil confidence, Apple’s iCloud is a consumer based storage so how does this impact the business community?
Businesses can control these risks, while still maintaining many of the benefits of cloud storage services and BYOD, by deploying a combination of technical measures preventing unauthorised uploading of business data.
As Hedley explains “While it is true that businesses will not generally choose a consumer-focused cloud service such as iCloud, in this age of staff using their own devices for both work and personal use, it is very easy for confidential business data to end up being uploaded to these services, without the IT department or senior management finding out about it until it’s too late. iCloud, in particular, can be problematic in this area because Apple’s devices will often back up everything on the device to iCloud by default.
“From a hacker’s point of view, a failure of iCloud brings richer pickings. There would be a lot of work involved in hacking into many individual machines whereas a security hole in iCloud would mean that millions of pieces of information would become available at once.” Professor Mike Jackson from Birmingham City University stated.
“Whenever you place information on a computer, that information becomes less secure. If you connect a computer to the Internet then the security risk grows. If you store information on a cloud service then you rely completely on security measures of the service provider. Once in the cloud, it’s these security measures which make the difference between privacy and the whole world being able to access your documents and pictures.”
Unregulated BYOD is an issue facing IT professionals the world over. As Matt Newing CEO of unified communications provider, Elite states “IT teams worry about losing control of IT, as employees all over the business connect personal devices to the company network, download software and applications and turn to cloud services”
Hedley added, “Businesses can control these risks, while still maintaining many of the benefits of cloud storage services and BYOD, by deploying a combination of technical measures preventing unauthorised uploading of business data (using technologies such as MobileIron) and user education.”
Recent research from Samsung found that 47% of UK companies had a work handset lost or stolen in the last 12 months. Almost a third of CTOs were however unaware of the number. Alongside this, a global survey of CIOs by leading analyst Gartner found that as many of 38% of companies plan to stop providing their workforce with devices at all by 2016.
“Laptops, mobiles and tablets can cost many hundreds of pounds per year for each employee, so BYOD has become very attractive. However, far from enjoying the flexibility and lower costs, companies that rush into BYOD without a strong policy face considerable risks,” said Hardeep Singh Garewal, President – European Operations, ITC Infotech.
“For unprepared companies, a lost or stolen device represents a catastrophic security risk, with the potential cost to their business far outweighing the savings. There are many solutions available, but we see many companies failing to implement a clear policy on keeping track of work devices. This hinders them from acting quickly to prevent breaches,” adds Garewal.
However, the new movement towards Choose Your Own Device (CYOD) offers an alternative solution that addresses both security and personal data concerns. This approach ensures the company retains full ownership of the device, removing uncertainty in safeguarding information on the device, yet still providing user freedom.
Garewal concludes: “While CYOD means the company must ultimately foot the bill for the device overhead and support, the level of control and assured visibility vastly simplifies issues around privacy and security. However, whether they use BYOD or CYOD, companies encouraging flexible working must ensure they are prepared to deal with imminent risks or spend all of their time fire-fighting to avoid major crises.”
Source: Field Service News
5 easy ways to streamline your business
Running a business can be difficult, particularly when it goes through a rapid growth phase. As a business owner, you may be feeling overwhelmed, overworked or just not as efficient as you know you could be. To remain competitive, businesses must boost operational efficiency, this is especially true in the SME market where organisations may […]
Cyber Security Post Covid: How to protect against attacks
Businesses have done a phenomenal job to keep going throughout Covid to keep people working from home, and at the same time building in those layers of security as they go. However, as this new norm sets in, there needs to be more security in place for the post covid world. Working from […]
Top 8 business technology trends for 2017
Technology is consistently evolving and developing at such a pace that it can be difficult to keep up with the latest trends, and most articles tend to focus on the developments in the consumer sphere. I’ve compiled a list of trends from an IT perspective and how they will apply to and affect the business world in 2017. […]