As the lines become further and further blurred between our business and personal lives, our mobile devices often endure the same struggle. There is an incredible amount of sensitive data stored in these devices, and mobile apps frequently represent an unlocked door for cyber criminals to break in. Therefore, it comes as no surprise that a new study from Gartner has predicted that, by 2017, mobile apps are expected to become the main victims of endpoint breaches.
With smartphones and tablets becoming so essential in both our business and personal lives, it is easy to see why the data stored on these devices would look so appetizing to cyber criminals. Yet, as Midsize Insider points out, popularity isn’t the only thing that makes mobile devices vulnerable. According to Gartner, 75% of all of those security breaches attacking mobile devices by 2017 will actually be caused by a misconfiguration of mobile apps and programs.
“Mobile security breaches are – and will continue to be – the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices,” explained Dionisio Zumerle, principal research analyst at Gartner.
As Zumerle suggested, one of the prominent misconfigurations of mobile technology is the result of professionals using personal cloud services for business data. Organizations practically manufacture this problem for themselves when they choose to have employees bring their own devices to work and don’t demonstrate a strategy for securing workplace data. Further actions that employees may have performed on their personal devices, such as “jailbreaking” or otherwise enabling their device to bypass some of its native limitations, only serve to create more vulnerabilities that further open up the device – and its data – to the risk of malware.
By the end of 2014, Gartner predicts that there will be more than two billion smartphones and tablets in use, many of which will be utilized for the hybrid purposes of both personal and business use. By suggesting that employees work off of their personal devices, employers are inheriting any and all vulnerabilities that these devices bring with them. Any misconfiguration of an employee’s phone or tablet that was once their own business is now endangering corporate data.
To combat this matter, companies need to tighten their hybrid device policies and create specific restrictions for company use. It may seem unfair to employees to assign policies on their personal devices, but, at the very least, a mobile security education can be very useful for everyone on both a business and personal level.
The reasons that companies allow (or, request for) employees to bring their own devices are clear. This practice saves organizations money that would have otherwise been invested in acquiring their own devices and likely a more extensive IT department to maintain them. This practice also enables a more flexible way for employees to manage their workload from offsite. In order for this practice to ultimately be successful, IT departments need to shift their focus from network security to device endpoint security.