In a recent article on CITEworld, Jason Faas writes about a surprising truth when it comes to BYOD and mobile security. Quite simple he writes that there are a surprising number of organizations out there that are implementing one without addressing the other. One can deduce that organizations are implementing and taking advantage of the BYOD trend without first thinking about or implementing security protocols around those devices. Yes, a BYOD program can be convenient for employees and it can boost productivity, but if it is not managed or secured properly those end devices simply become security risks and point of access for data breaches and attacks. If left unmonitored, BYOD can be very dangerous for all parties involved.
Picture a day care facility opening its doors to 20 children between the ages of 5 – 7. Once the children are settle in and playing with their toys, finger painting and coloring they are just left unmonitored for the rest of the day. One can imagine that things will get out of hand very quickly. The children themselves are put in danger, the room and its contents are put in danger and I’m sure we have seen enough Dataline NBC reports to know that the day care facility is now in danger of penalties, fine, or lawsuits. While on a less personal and more material level, leaving BYOD programs unmonitored is the same thing. The device itself is at risk of hacking and viruses amongst other things, the company and critical data and information is at risk and depending on the industry penalties and heavy fines can be levied for data breaches and loss of information.
In his article Faas writes, “In healthcare, for example, lapses in security that expose patient data can net hefty fines. Earlier this year, for example, Blue Cross Blue Shield of Tennessee finalized a settlement with the Department of Health and Human Services for $1.5 million for a recent breach (on top of a $17 million price tag for the investigation and remediation actions)”. So while BYOD may bring a number of advantages to the enterprise it is important not to put the cart before the horse. Mobile Device Management (MDM), Mobile Application Management (MAM) and other Enterprise Mobility solutions need to be considered before taking the BYOD jump. Read Faas’ full article here.