Companies need to start determining the impact BOYD plays on them and implement appropriate policies that would balance the security concerns, as well as their employees’ requirements, writes CATHERINE BERRY.
It is estimated that, by 2018, there will be approximately 10 billion mobile devices in use globally. The harsh reality is employers cannot prevent employees from utilising their personal mobile devices in the workplace, whether it be for personal or professional use. Further, organisations typically expect a high level of productivity from employees, and the utilisation of mobile devices supports this due to the large degree of flexibility it introduces for the employee. Unfortunately, the issue is exacerbated further by the fact that employees expect the organisation’s information technology to provide support in respect of these devices. What most companies do not understand is that they are in fact liable for the consequences of employees using their own personal devices for work.
Most employees would also be shocked to discover that that their devices may be subject to discovery request in the context of litigation involving their company, and may have to surrender their personal devices (containing browser history and including personal information, photos, etc).
The challenge facing organisations is that this employee IT ownership model, generally referred to as Bring Your Own Devices (BYOD), significantly influences the traditional security model, particularly since these devices are being used to access corporate data. BYOD typically includes end users who provide their own mobile phones, use their personal tablet device at work, or where there are unsubsidised devices required for business utilisation. Organisations now have to determine what the exact impact is, in order to establish appropriate procedures and policies that would balance the security concerns, as well as their employees’ requirements.
BYOD without Borders
In an attempt to establish the organisation’s exposure to BYOD, an exercise should be undertaken to determine exactly what type of data and functionality is being exposed. Consideration should also be given to legislation which may impact hereon, such as the imminent POPI Act, as well as PCI-DSS requirements (if applicable to the organisation). Other considerations include geographical spread of the devices, given that this would not only increase risk levels, but would also require absolute clarity in respect of legislation applicable to those areas.
Password Protection, Remote Wipe & Lock & Disclosure
One of the primary concerns surrounding the security of mobile devices is the loss of such devices. Particularly in respect of the content on the mobile device being accessed, or the possibility of corporate data being accessed through channels such as VPN connections. Clearly security considerations must include password protection, encryption, as well as remote wipe procedures. Many organisations enforce ActiveSync policies, pre-installed in most consumer mobile devices, to enforce password protection and remote wipe and lock. As a further measure, employees should be encouraged to keep sensitive devices in their possession, and sight, at all times. Ensuring that regular backups are made will not only salvage lost information, but will also assist with minimising downtime by easing the transfer of the information onto a new device. Last and perhaps even more importantly, having a backup of the data will make identifying what information has been lost (and thus determining whether a disclosure needs to be made in terms of regulations) that much simpler.
Verizon’s 2014 Data Breach Investigation Report considered 63,437 security incidents, of which 1,367 were confirmed data breaches. Of this, incidents where an information asset went missing, whether it be through misplacement or malice, accounted for 9,704 total incidents, and 116 confirmed data disclosures. Out of the 9,704 incidents, the theft / loss of laptops accounted for 308 incidents, desktops for 108, flash drives for 102 and a staggering 8,929 “other devices” (where the type of device has not been stipulated). Interestingly, loss of devices is 15 fold more prevalent than theft of a device. The statistics show that, in terms of location, 43% occurred at the victim’s work area, 23% from a personal vehicle and 10% from a personal residence.
Another concern posed by the use of mobile devices in the corporate network, is the risks posed by the integration of applications into our daily lives.
Vulnerabilities within the application could potentially expose the corporate network. Malware presents a major concern, particularly given the risk of it being injected into the corporate network at large.
Effective Policing Improbable
It is vital that organisations proactively engage with employees to manage their expectations relating to the support of personal mobile devices, particularly as this may impact upon information technology support resources required. It should also be borne in mind that help desk staff may require additional training to ensure that they are able to render the necessary support. Hinging hereon is the fact that organisations have less control over these devices. This makes identifying vulnerabilities which may exist, by utilising anti-virus software, ensuring patches are regularly installed, and implementing fire walls near impossible. Even if employees do agree to BYOD policies, it is questionable as to how effectively the organisation will be able to monitor the devices for compliance.
The complexities of cybercrime risk management are more intricate that imaginable; regardless of the complications – it takes just moments from connection to infection. While staff may be protecting their personal computers, the general lack of awareness to safeguard BYOD tablets and smartphones poses a major risk to organisational cyber security. For all these reasons, businesses would be remiss to leave protection to chance, particularly in a country that is home to some of the best hackers in the world.
* Catherine Berry, Camargue Director, Commercial and Cyber Crime Division
* Follow Gadget on Twitter on @GadgetZA
Appdate: No wallet? No problem?
In his app roundup, SEAN BACHER highlights VodaPay Masterpass, Charge Running, South African App Integrator Directory, uKheshe Health and LocTransie.
Digital mobility is now a way of life and most are using smartphones to pay bills.
To meet this need Vodacom and Mastercard have launched VodaPay Masterpass, which enables Vodacom customers to load any bank card into a secure digital wallet, downloaded as an app on their smartphone. Once loaded, these cards and the secure credentials associated with them are safely stored, enabling customers to start transacting immediately without the hassle of entering card details each time they make a purchase.
Vodacom customers can buy prepaid data, airtime and SMS, or voice bundles, directly through the app. They can also select the Pay Bills menu option to settle their DStv accounts, pay a utility bill or take care of a traffic fine.
With the app’s Scan to Pay functionality, users can scan a QR code to pay for goods and services wherever Masterpass is accepted, including all SnapScan and Zapper merchants. Once a QR code is scanned, users select the card they wish to use, and enter their bank PIN number on their own device to complete the transaction.
Platform: Android and iOS
Expect to pay: A free download and users will not be charged for any transaction fees.
Most running apps track data like pace and distance and, in some cases play audio designed to motivate you, but don’t give you the push you get when you run with a friend. Charge Running is an app that lets you run alongside other runners, virtually, as well as giving live coaching to help you go the distance.
The app includes features such as:
· Unlimited access to live running classes and virtual races
· The ability to compete with runners anywhere in the world in real-time
· A live leaderboard that shows where you are in the pack to keep you pushing
· Live, personalised feedback from professional trainers
· Group chats with coaches and fellow runners throughout the run
· On-demand runs for times when you can’t join the live groups
· A choice of difficulty levels and race types
Platform: Android and iOS
Expect to pay: A free seven-day trial; thereafter R150 per month
Stockists: Visit the Charge Running site here for downloading instructions.
South African App Integrator Directory
The South African App Integrator Directory from Xero is designed to solve the complexity of choosing apps for small business owners.
The directory is now available in South Africa with six partners, including Realm Digital, Radical Cloud Solutions, Nimacc, Insights, Iridium Business Solutions and Creative CFO. According to Xero, these are all organisations with a proven track record of successfully integrating marketplace apps into Xero businesses. There are also currently over 700 apps in Xero’s App Marketplace worldwide, 21 of which are South African born.
As small businesses become more tech-savvy, they need to know exactly which apps to install on their devices and how the apps will help them. They also need to be able to install these apps from a trusted integrator so they know for what they are paying.
Platform: Any device with an up-to-date Internet browser.
Expect to pay: A one month trial version is offered, after which the App Integrator ranges from R125 to R245 per month, depending on the company’s needs.
Stockists: Visit Xero here for downloading instructions.
Click here to read about uKheshe Health and LocTransie.
Prize offered for drone films
DJI and SkyPixel, the world’s most popular aerial photography community, have announced the first short film contest inviting users to submit cinematic stories shot with camera and gimbal products. The 2019 SkyPixel Short Film Contest will accept entries until 14 October 2019. It welcomes submissions from all creators, ranging from hobbyists to social media users and professional videographers. around the globe.
The 2019 SkyPixel Short Film Contest consists of three storytelling categories—‘Big Moments Start Small,’ ‘Make Your Move’ and ‘Adventure Starts With You.’ There is no restriction on the type or brand of equipment participants use, and they can submit as many videos as they wish.
A total of 100 winners can win a range of prizes totaling $48,600 USD in categories including Recommended Films, Best Editing, Best Story, Nominated Entries, People’s Choice Prize as well as This Week’s Most Popular, sponsored by the partner SanDisk and WD brand from Western Digital Corp. This year’s Best Short Video winners will each receive the new Ronin-SC Pro Combo, Osmo Action as well as WD 2TB My Passport Wireless SSD.
Winning entries will also be showcased on the SkyPixel website as well as to DJI’s millions of fans and followers across its social media platforms.
“DJI has redefined how people capture stable video for all of life’s moments. The compact size, portability and powerful imaging system of our Osmo and Ronin series have also made it possible for anyone to take their creativity and inspirations to the next level,” said Basile David, Director of Brand and Content Partnerships at DJI. “With this contest, we hope to encourage more people to embrace and share their own creative way of storytelling.”
Since 2014, the SkyPixel online community has attracted 16 million professional aerial photographers and content creators from more than 140 countries, growing into the largest aerial photography community today. Over the past five years, SkyPixel has received over 150,000 submissions, becoming a go-to platform for original aerial masterpieces and extraordinary footage powered by other gimbal products focusing on various themes.
Details of the 2019 SkyPixel Short Film Contest
The short film contest consists of three categories:
Big Moments Start Small: Create a video showcasing the small, lightweight design of your camera device and your best cinematic scenes. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Osmo Pocket or other devices.
Make Your Move: Create a video showcasing the stabilized footage from your device. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Osmo Series or other devices.
Adventure Starts With You: Create a short, cinematic narrative film to showcase your creative skills and visual effects. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Ronin Series or other devices.
*Video submissions should not be longer than three minutes in length.
Submission Start Date: August 15, 2019, 2:00 AM (EST)
Submission End Date: October 14, 2019, 2:00 AM (EST)
Award Announcement: October 31, 2019