Webinar: Separation of Corporate and Personal: Best Practices for Securing Data on Mobile Devices

As the BYOD trend gains momentum, not all employees are comfortable having their personal phones locked down and controlled as tightly as a corporate-issued device. To get around this issue some organizations are turning to separation techniques to securely manage corporate email, apps, and docs on employee devices while keeping personal data out of sight and out of mind.

 

Forgoing some visibility into personal information should not compromise security or the user experience. Join the Mobile MaaSters from Fiberlink in this upcoming webinar to discover ways to manage iPhones, iPads, and Androids without sacrificing the collective expectations of BYOD-ers. During this session you will learn:
  • How to configure personal devices and enforce granular level policies
  • Methods to distribute and control corporate data on personal devices
  • When to opt for a full device wipe versus a selective wipe
  • What BYOD Privacy Settings can do to keep personal data personal
Click here to view the slides or poll results from this webinar

Beware of BYOD Harming your Company

It’s becoming more and more common for workers to store work-related documents on their smartphones, tablet computers and other devices they bring to and from work each day. While this can be convenient — employees can access important documents at home or on the road –it also creates greater security risks for businesses.

 

Employees’ devices may not be secure

Many employees’ devices have operating systems that are vulnerable to hacking attacks or viruses. This is especially true if the employee’s device isn’t running the latest version of the operating system. Phone and tablet users often don’t install the latest upgrades or even think about security risks because they’re using phones, not computers.

Both employees and business owners are generally aware of the risk to computers from viruses, malware and the like; however, they may not realize that their smartphones and tablets are vulnerable to the same attacks. Thus, they may not scan phones or tablets for viruses regularly or stay on top of upgrading the firmware on these devices.

In addition to operating system vulnerabilities, phones and tablets are susceptible to getting viruses from downloaded applications. Employees may be careful about downloading only legitimate applications; however, if a hacker attacks the application itself, users may end up downloading a compromised version of the application or an “upgrade” to a compromised version. If an employee’s device has business files on it, a hacker could steal the files. Worse, he or she could break into the business’ computer system and wreak havoc after retrieving login information from stored files.

 

Lost and stolen devices

Lost and stolen devices accounted for 50 percent of all security breaches in 2011, according to a Ponemon Institute study. If an employee loses his or her phone or tablet–or worse yet, if someone steals the device–that can lead to all kinds of security problems. For example, suppose an employee stored unencrypted files on his or her phone. If the employee loses the phone, whoever finds it might be able to access all the company’s files with just a few taps of the screen. This can happen very easily if an employee’s phone falls out of his or her pocket while sitting in a waiting room or riding in a taxicab.

 

Difficult to keep track of

BYOD security is also more difficult to keep track of. If a business manager has ten computers in his or her office, he or she can easily track computer use; IT specialists can pinpoint infected computers easily. However, there are an infinite number of tablets and smartphones that might become infected during an attack. For example, if an office has 50 employees and some employees have more than one device, it can become difficult and time consuming to determine which devices are infected. In addition, employees may share their devices with each other, making it even more difficult to keep track of who’s been doing what with the device.

 

No standardization

The problem is compounded by the fact that there are no standardized security procedures that allow business owners to manage mobile device security. Each company must create its own security policies, and there’s no objective measurement of which devices are most secure. Thus, business owners may not know which devices they should ban employees from using at work.

 

Legal impediments

While employers have the right to demand that company-owned devices follow certain security procedures, they may not have the same right when it comes to employee-owned devices. Since the devices aren’t theirs, they’re limited in what they can require.

For example, suppose an office handles a lot of confidential documents. The employer can require that all documents on his or her computer system be encrypted. However, the employer may not have the right to demand that all employees encrypt documents on their personal devices because those devices do not belong to the employer. Some states allow the employer to make rules about devices used on his or her system while others don’t; in many states, the best an employer can do is make rules limiting the type of devices that are allowed to be used on his or her systems.

 

Resolution

In order to resolve security problems with BYOD, managers should consult with IT specialists prior to allowing any mobile devices to be used. Managers need to understand which devices are most secure to use so that they can create a reasonable BYOD policy. They may also want to invest in software that helps keep track of mobile devices that are being used in conjunction with company networks so that they can more easily track devices for security purposes. Some employers require employees to download applications that encrypt files or require passwords to access the device. These measures can help cut back on security breaches from lost or stolen devices.

 

By Michelle Drolet, founder and CEO, Towerwall
Special to Corp Magazine

This article was recently published in Corp Magazine

Microsoft discovers Chinese malware pre-installed on new PCs

Microsoft has published evidence of an extraordinary conspiracy in which potent botnet malware was apparently installed and hidden on PCs during their manufacture in China. This is a big deal, the team at Towerwall has been aware that this level of threat and exploitation existed, but none the less surprised. Read the rest of the article:

Microsoft discovers Chinese malware pre-installed on new PCs

10 Things to Know Before Creating BYOD Policy

In recent years, the work place has become more mobile than ever, and the mobile worker revolution is, in large part, the reason for the rise in Bring Your Own Device (BYOD) policies. The big idea is that through the use of cloud computing-based collaboration platforms, enterprise-class companies can save a great deal of money in IT, security and overall operational costs.

While this would seem like a no-brainer, more companies are learning that the opposite is true. Both executives and employees need to know the realities of BYOD programs, and how they truly affect operations.

10 Truths About BYOD

1. Staff May Not Be Onboard

One thing that every BYOD advocate assumes is that all employees are digitally or tech minded. The reality is that some employees may actually prefer archaic technology. On top of that, they might even believe that older tech is more efficient. They also might not be excited about having to buy their own laptop or tablet PC. This is where many BYOD policies come up short.

2. It May Not Cut Costs Significantly

This is a hotly debated component of BYOD implementation. Some people say that BYOD cuts costs by shifting buying power to employees. Other people believe that BYOD policies completely overlook the financial strain such a program would put on the IT department.

3. It Can Complicate Things for the IT Department

Outside of the financial strain BYOD may or may not put on an IT department, there is the obvious concern of logistical problems that may arise. The good news is that some smart enterprise-class companies require their employees to handle all IT logistics.

The bad news is that according to a recent poll conducted by Damovo, seven out of 10 companies surveyed would still provide ongoing support for employee-purchased mobile devices. On top of this, providing support for company smartphones would be a sheer nightmare. Companies would need to hire a full-time iOS or Android expert, which is expensive.

4. Could Lead to Employee Feuds

This seems silly, but implementing a BYOD policy may induce employee feuding. As more affluent employees purchase top-of-the-line laptops, tablets and smartphones, other employees may become jealous of their productivity and flashy new gadgets.

5. Concerns Over Intellectual Property

The most pressing concern for enterprise-class and SMBs alike is the security of intellectual property. When someone leaves the company, there is no way to guarantee that trade secrets and confidential company information will not be stolen. Companies would need to invest in remote wipe services to protect their IP.  

6. Puts Tech Purchasing Power in the Hands of Employees

One of the greatest defenses of the BYOD revolution is that it cuts costs by shifting buying power from the company to the employee. It allows company employees to buy and use the devices they love, and it doesn’t cost the company a dime in purchasing costs.

7. Allows for High Levels of Flexibility

Many companies have stringent rules relating to employee use of computing devices. In many cases, employees are not allowed to take mobile devices out of the work facility.

8. Potential Data Retention Problems

In addition to security risks, unmonitored mobile devices pose the threat of data loss. Protecting against this involves increasing IT support to ensure high levels of data retention throughout the IT infrastructure.

9. Serves as a Great Teaching Tool

New mobile tech has done wonders for interactive learning at all levels. Employee-owned tablet PCs and laptops can be used to give presentations from anywhere in the office.

10. High Levels of Worker Satisfaction

Lastly, employees who use their own devices often experience more satisfaction with their work. They can feel comfortable in delivering high-caliber work with their own computing tools.

Creating a BYOD policy

There’s no one-size-fits-all solution for a problem like this. In creating a BYOD policy, you have to consider what devices you’ll need to support, how much access you will give employees, and what kind of budget you can allocate. Do you have specific compliance issues to contend with? Are you willing to subsidize data plans or device purchases? How do you ensure company data is kept safe?

If you have an existing policy for laptops, then that’s a good place to start.

Take the time to assess and weigh your employees’ desires against the needs of the company. If you can get a solid agreement in place and create a user policy that your employees are happy to sign, then it should be easy sailing. Setting up a comprehensive policy will require a lot of work upfront, but it will also safeguard you against disputes and problems down the line.

By Michelle Drolet, founder and CEO, Towerwall
Special to SmallBusinessComputing.com

This article was recently published in SmallBusiness Computing.com

Introducing our Security Training Toolkit

A customizable security training program for your review. We’re giving you all the tools you need to keep your employees out of trouble. Whether you’re starting a program from scratch, or just in need of some refresher materials, we’ve got you covered.

Here’s whats included in the Towerwall Security Training Toolkit:

  1. Program launch guide
  2. Employee handbook
  3. Email series of 10 tips
  4. Poster series of 10 tips
  5. Online videos
  6. Password quick tips
  7. Launch announcement
  8. Buy-in documents
Click here to get your Security Training Toolkit.

Hackers leak 1 million Apple device IDs

To cap off a summer of devastating corporate data breaches, hackers yesterday posted online what might be the crown jewel of 2012 data dumps: 1 million identification numbers for Apple iPhones, iPads and iPod Touch’s, all purportedly stolen from the FBI.

There may also be an additional 11 million Apple device IDs yet to be released, many with users’ full names, addresses and telephone numbers attached.

 

Read Full Article