
The BYOD mobile security threat is real

Tom Kaneshige | May 31, 2013
Cloud storage, text messaging, poor accountability and the "Bad Leaver" open the doors to data breaches in a BYOD environment, says a cyber-crime expert.

Not only do you have the collection costs to deal with, you also have an additional gatekeeping step that must be completed before attorneys can even put eyes on the information. More and more employees are demanding that their personal information be kept separate from the business information subject to litigation. Companies may have to hire a forensics shop like ours to separate the wheat from the chaff.

Have you seen BYOD lead to a security breach?

The most common way BYOD policies affect data security and breaches is in the cross-pollination of passwords. A person is probably using the same or very similar password as the one they use on their home devices.

We actually had a call with a client with the FBI on the line. In one of the large public data breaches that's been highly publicized, the FBI saw the list of published consumer names, addresses and passwords and recognized one of the names - a high-profile IT manager or engineer for a significant technology firm. The FBI called up the company to tell them that this person's personal email account had been hacked and that they might want to check up and see if it affects them.

Sure enough, the person had been logging in from home into the corporate network using the exact same personal user name and password. Fortunately, no breach had occurred, and they were able to close that loop. It was just coincidence, luck and a good FBI agent to recognize that person's name.

This shows the cross-pollination that often occurs when people start treating work devices as home devices and vice-versa.

Is there a mobile security blind spot?

Text messaging underlies a lot of interest in what's new and different.

In the old days, you really had two sources of documents that you were concerned about. One was email, the other e-docs, such as a PowerPoint presentation, a Word document, Excel spreadsheets, sometimes engineering drawings. You'd search the file server and email server implicated in the investigation, as well as the employee's workstation.

With mobile devices, you have not just the devices and repositories but the type of information coming off those devices that's different. In particular, text messaging appears only on the phones and nowhere else on the corporate network. Service providers can only provide you with information such as connection times and numbers connected, maybe volume of information, but they're actually not saving the content of individual messages.

So while a bad leaver may have communicated with their new employer through maybe even a personal email account, now it's increasingly common to see them text messaging their buddies across town and conveying private or valuable information that way. In the most nefarious cases, some messages on systems such as Snapchat are designed to disappear even from the phone itself.

 
