- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
CSO - As part of National Cyber Security Awareness Month, Rapid7 is publishing a series of easily emailed awareness tips. Last week, CSO shared the letter addressing the topic of phishing. Today, the topic is BYOD and mobile risk.
Note: For the previous letter on phishing, see this article.
"There has been an exponential growth in mobile malware these past few years, as smartphone and tablet adoption takes off," Saj Sahay, the director of mobile security at Rapid7 told CSO.
"Cybercriminals are increasingly targeting mobile devices, not only because of the growing use, but because with the hundreds of device choices available it's a herculean task for most organizations to understand their risks. User involvement in keeping their devices secure is the best way to mitigate mobile device risk."
What follows is a brief primer of BYOD and mobile risk, which can be easily copied and freely shared within the organization.
What is BYOD (Bring Your Own Device)?
These days the majority of people in the workplace own either a smartphone (like an iPhone, Android phone Windows mobile) or a tablet device, or in many cases, both. Frequently these mobile devices are used for all aspects of your personal AND professional life, for example if you have your company email on your mobile phone, or take notes during meetings on your tablet. This is BYOD: mobile devices that you bought for your own use, through which you also access work-related data.
It's easy to take this for granted and not consider the confidential nature of the information you're accessing on these devices, but even seemingly insignificant information may provide an attacker with an opportunity. Given that so much company information is either stored or accessible through our mobile devices, it is very important to keep these devices secure. The good news is that it's really not that hard to do. Below we're identified a few simple steps that will help you protect your personal and company-confidential information from being accessed and exploited by strangers.
Let's go through some of the security issues with BYOD, and learn the simple actions we can take to help protect our devices from harm.
Threat #1 -- Lost or Stolen Mobile Devices
More than 1 in 3 mobile devices are either stolen or lost by their original owner. In fact, stealing smartphones is the #1 crime in New York City! Not only does the smartphone have resell value, but the value of the data accessible from the device can sometimes exceed the resell value of the device. Just think how valuable your banking information and account passwords stored on the device can be to a thief!
How Can You Protect Yourself?
First, make sure to password lock your device! Unfortunately, less that 40% of users enable the passwords on their mobile devices, and they say the biggest reason is that it's too much of a hassle, but it's actually very quick and easy to do and makes a huge difference in terms of protecting your device. The whole point of a password is to keep untrustworthy people out of your device. To enable a password, go to the Settings in your phone. If you can't easily figure out how to do it, your IT team will probably be happy to help!