by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
GRC Professional : GRC Winter 2012
IN THE OFFICE 30 GRC Professional • Winter 2012 Corporates are more exposed than ever before when it comes to the safety of sensitive and proprietary data. “employees are downloading email onto their phones and tablets and taking that information away from the organisation,” remarks ty miller, Chief technology officer of technology security company, pure Hacking. It is alarming then that industry researcher Goode Intelligence found in its most recent report that that 64 per cent of users don’t encrypt the confidential data stored on their smartphones. In another study, Juniper Networks found that more than 76 per cent of users access sensitive information with their mobile devices. Workplace use of smartphones and other portable devices is growing exponentially. the trend is driven by employee demand, and organisations that don’t meet that demand could be leaving themselves in the dust, says Jim Watson, Corporate General manager at Good technology. “BYod is becoming as standard to people in the work place as superannuation and car allowances.” Companies are increasingly differentiating themselves by their ability to handle the BYod trend in the smartest way. Data containment When it comes to creating a framework or policy to protect sensitive data in a “BYod world”, the first thing companies need to do is establish boundaries between what is personal and proprietary information. “Before, when companies bought phones for employees, the solution was to wipe Experts recommend that the separate data encryption strategy needs to be backed by a policy signed by the employee to ensure the company can’t be held liable for loss of personal data. the devices remotely. Now that policy doesn’t work because they are at risk of wiping personal information,” miller remarks. Watson recommends the “container strategy” in which company information sits in an encrypted application on an employee’s device separate from personal information. “If you have an encrypted secure container, you can isolate data – you don’t want to get into a litigious situation with an employee for wiping data unnecessarily, and if a phone is lost you don’t have to go to the trouble of wiping the entire phone and then finding it an hour later,” Watson says. Both experts recommend that the separate data encryption strategy needs to be backed by a policy signed by the employee to ensure the company can’t be held liable for loss of personal data as a result of action relating to a potential data breach. Safeguard from cyber attacks the second biggest threat to companies in a BYod environment is the potential that personal devices can introduce malicious software and open the door to cyber attacks, the experts say. android phones are more open to being compromised because they are not as strictly vetted as iphones and BlackBerrys, miller says. “[androids] have more malicious apps because they don’t have control ... apps can be a backdoor to the system,” he says. In addition to applications, wireless networks can provide an access point for cyber attacks. “Wireless access point passwords are usually weak compared to company standards.” Smartphones in the workplace: What’s the risk? Counteract the potential damage that can be caused by BYOD (Bring Your Own Device) in the workplace by following these tips. By Matthew SMith
GRC Autumn 2012
GRC Spring 2012