In the past five years alone, the amount of mobile data has grown eighteen fold (Cisco Mobile VNI, 2017). Security concerns are at the forefront due to the reliance on mobile devices for both business and personal use, along with the ever-increasing data usage. There are two concepts of mobile security; physical and data. Physical security can consist of theft, over-the-shoulder techniques, biometric passcodes, and others. Data security deals with downloading applications containing malware, unpatched and vulnerable software, Bluetooth vulnerabilities, and open Wi-Fi spots. This video podcast and companion article will give you an overview of the current threats to mobile device security and what you can do to mitigate them. With an ever growing dependence on mobile devices, the security of these devices is paramount. This is part 2 of a 2 part series on mobile security. Part 1 is available here: https://www.csiac.org/podcast/mobile-security-part-1/
Read the CSIAC Report to learn more about mobile security: https://www.csiac.org/csiac-report/mobile-security/
Should corporations who now allow their employees to “Bring Your Own Device” to connect with Corporate networks be held more liable for inadequate risk management when a breach occurs because of great connectivity to unsecured devices?
As always, companies should implement best practices security policies in order to ensure proper data separation of BYOD devices and sensitive information. Implementing features such as Mobile Device Management (remote device wiping) can help mitigate data exposure from device loss. Providing VPN network capabilities can also mitigate the risk of data exposure. Companies may also implement role based access based upon device ID for internal services.
In summary, companies can strive to implement the best practices and policies possible, but it is never 100% risk free when using BYOD policies. The matter of company liability is more of a subjective opinion based upon the situation of the particular data breach and the type of services and data that are compromised.