Companies need to start determining the impact BOYD plays on them and implement appropriate policies that would balance the security concerns, as well as their employees’ requirements, writes CATHERINE BERRY.
It is estimated that, by 2018, there will be approximately 10 billion mobile devices in use globally. The harsh reality is employers cannot prevent employees from utilising their personal mobile devices in the workplace, whether it be for personal or professional use. Further, organisations typically expect a high level of productivity from employees, and the utilisation of mobile devices supports this due to the large degree of flexibility it introduces for the employee. Unfortunately, the issue is exacerbated further by the fact that employees expect the organisation’s information technology to provide support in respect of these devices. What most companies do not understand is that they are in fact liable for the consequences of employees using their own personal devices for work.
Most employees would also be shocked to discover that that their devices may be subject to discovery request in the context of litigation involving their company, and may have to surrender their personal devices (containing browser history and including personal information, photos, etc).
The challenge facing organisations is that this employee IT ownership model, generally referred to as Bring Your Own Devices (BYOD), significantly influences the traditional security model, particularly since these devices are being used to access corporate data. BYOD typically includes end users who provide their own mobile phones, use their personal tablet device at work, or where there are unsubsidised devices required for business utilisation. Organisations now have to determine what the exact impact is, in order to establish appropriate procedures and policies that would balance the security concerns, as well as their employees’ requirements.
BYOD without Borders
In an attempt to establish the organisation’s exposure to BYOD, an exercise should be undertaken to determine exactly what type of data and functionality is being exposed. Consideration should also be given to legislation which may impact hereon, such as the imminent POPI Act, as well as PCI-DSS requirements (if applicable to the organisation). Other considerations include geographical spread of the devices, given that this would not only increase risk levels, but would also require absolute clarity in respect of legislation applicable to those areas.
Password Protection, Remote Wipe & Lock & Disclosure
One of the primary concerns surrounding the security of mobile devices is the loss of such devices. Particularly in respect of the content on the mobile device being accessed, or the possibility of corporate data being accessed through channels such as VPN connections. Clearly security considerations must include password protection, encryption, as well as remote wipe procedures. Many organisations enforce ActiveSync policies, pre-installed in most consumer mobile devices, to enforce password protection and remote wipe and lock. As a further measure, employees should be encouraged to keep sensitive devices in their possession, and sight, at all times. Ensuring that regular backups are made will not only salvage lost information, but will also assist with minimising downtime by easing the transfer of the information onto a new device. Last and perhaps even more importantly, having a backup of the data will make identifying what information has been lost (and thus determining whether a disclosure needs to be made in terms of regulations) that much simpler.
Verizon’s 2014 Data Breach Investigation Report considered 63,437 security incidents, of which 1,367 were confirmed data breaches. Of this, incidents where an information asset went missing, whether it be through misplacement or malice, accounted for 9,704 total incidents, and 116 confirmed data disclosures. Out of the 9,704 incidents, the theft / loss of laptops accounted for 308 incidents, desktops for 108, flash drives for 102 and a staggering 8,929 “other devices” (where the type of device has not been stipulated). Interestingly, loss of devices is 15 fold more prevalent than theft of a device. The statistics show that, in terms of location, 43% occurred at the victim’s work area, 23% from a personal vehicle and 10% from a personal residence.
Another concern posed by the use of mobile devices in the corporate network, is the risks posed by the integration of applications into our daily lives.
Vulnerabilities within the application could potentially expose the corporate network. Malware presents a major concern, particularly given the risk of it being injected into the corporate network at large.
Effective Policing Improbable
It is vital that organisations proactively engage with employees to manage their expectations relating to the support of personal mobile devices, particularly as this may impact upon information technology support resources required. It should also be borne in mind that help desk staff may require additional training to ensure that they are able to render the necessary support. Hinging hereon is the fact that organisations have less control over these devices. This makes identifying vulnerabilities which may exist, by utilising anti-virus software, ensuring patches are regularly installed, and implementing fire walls near impossible. Even if employees do agree to BYOD policies, it is questionable as to how effectively the organisation will be able to monitor the devices for compliance.
The complexities of cybercrime risk management are more intricate that imaginable; regardless of the complications – it takes just moments from connection to infection. While staff may be protecting their personal computers, the general lack of awareness to safeguard BYOD tablets and smartphones poses a major risk to organisational cyber security. For all these reasons, businesses would be remiss to leave protection to chance, particularly in a country that is home to some of the best hackers in the world.
* Catherine Berry, Camargue Director, Commercial and Cyber Crime Division
* Follow Gadget on Twitter on @GadgetZA
CES: And thanks for all the beer!
Last week, the Las Vegas expo showed off its fun side with state-of-the-art technologies for making and enjoying beer, writes BRYAN TURNER
From craft beer-making machines to robots that pour beer, CES had more beer than usual in Las Vegas last week. And even free beer if you found the right stand. Stampede’s saloon-style booth offered beer to visitors who tried out its latest drones, virtual reality, and other gaming products. No beer tech, though.
Here are some of the beer technologies that stood out:
LG HomeBrew – Craft beer made at home
LG’s HomeBrew craft beer-making machine, debuted at CES 2019, brings the brewing process home thanks to single-use capsules, a self-cleaning feature, and an algorithm optimised for fermentation.
Like a Nespresso coffee machine, the beer maker uses capsules, which contain malt, yeast, hop oil and flavouring. At the press of a button, LG HomeBrew automates the whole procedure from fermentation and carbonation to ageing. A companion app lets users check HomeBrew’s status at any time during the process, from their handsets.
The beer machine not only offers a simple way to make craft
Designed with discerning beer lovers in mind, HomeBrew allows for in-home production of batches of more than 4 litres of beer in a variety of styles. The following five distinctive, flavoured beers are available now:
- Hoppy American IPA
- Golden American Pale Ale
- Full-bodied English Stout
- Zesty Belgian-style Witbier
- Dry Czech Pilsner
The only catch? It takes about two weeks to make, depending on the beer type.
“LG HomeBrew is the culmination of years of home appliance and water purification technologies that we’ve developed over the decades,” said Dan Song, president of LG Electronics Home Appliance & Air Solutions Company. “Homebrewing has grown at an explosive pace, but there are still many beer lovers who haven’t taken the jump because of the barriers to entry, like complexity, and these are the consumers we think will be attracted to LG HomeBrew.”
Click here to read about the party speaker that holds beer and robots that pour beer.
CES: Alienware gets Legend-ary
At CES in Las Vegas last week, Dell’s Alienware released a family of high-end, thin, light, and affordable machines for both amateur and professional gamers – and a new identity.
Alienware marked CES 2019 as a brand milestone with the debut of a new design identity, Alienware Legend. It aims to set a new bar of excellence for what gamers want most – performance and function. Alienware says it evaluated multiple concepts and chose one that was the biggest and boldest departure from its current look.
Alienware Legend, says the company, stays true to the brand’s core design tenets, taking cues from its deep roots in sci-fi culture and its early industrial designs, to distinguish the brand from the rest of the industry. The new Legend design is optimised with cutting-edge thermal cooling technology to achieve and sustain overclocking power, improved AlienFX lighting, and ultra-thin screen borders. It also unveiled a new “three-knuckle hinge” design that reduces the overall dimension while creating a stronger assembly, all combining to yield a better gaming experience.
“We’re excited to come to this year’s CES with some truly groundbreaking products, next-gen software and strategic partnerships that will bring more people to experience PC gaming and advance the industry,” said Frank Azor, vice president and general manager of Alienware. “The legend design answers the call for more and better from our gaming community, and the new G Series laptops will make PC gaming even more accessible to those looking for high-performance gaming at a cost they can appreciate.”
Click here to read about Alienware Legend in action with the Area-51m and m-series laptops