Page 66 - index
P. 66
such law in the United States, organizations have to be compliant with other regulations such as
the PCI DSS (Payment Card Industry Data Security Standard), which is related to credit card
transactions, and the Health Insurance Portability and Accountability Act (HIPAA), which offers
privacy protection for personal health. When these data are stored and managed on an
employee-owned device, complexity increases.
Malicious Apps
Employee-owned devices are vulnerable to malware and malicious apps. This is why some
have labeled the phenomenon BYOM (Bring Your Own Malware).
According to Lookout, Google Store contained 32 apps that were infected with a malicious
program called BadNews. Interestingly, these apps were downloaded 9 million times in 2013.
Bit9 reports that 100,000 apps on the Android store are suspicious.
Today, hackers are finding innovative ways to access information on a device. According to
researchers at The University of Alabama at Birmingham (UAB), hackers even use music to
trigger mobile malware in a device.
Another concern for businesses is the unauthorized access to corporate data via mobile apps.
When employees download malicious apps on their cell phones, they give outsiders
unauthorized access to critical corporate data. It is a headache to impose security software and
add updates and patches on these devices.
Employees can easily uninstall the software if they feel that these apps are impacting device
performance and degrading the end-user experience.
Lost or Stolen Devices
Owing to their small form and also because they are always carried around by users, mobile
devices can easily be lost.
According to IDG research, more than 3 million handsets were stolen in 2013. Out of these
devices, 44% were left in a public place. The BBC reports that 314 mobile devices are stolen in
London every day. When devices that are registered in a BYOD network are lost or stolen,
sensitive corporate data can fall into the hands of an outsider.
Fired Employees
Another important way in which corporate data become compromised is through disgruntled or
fired employees. Employees may retain a certain amount of data even after they leave an
organization. Typically, a fired employee does not inform the HR department about data residing
on his smartphone, and this information can easily be leaked to a rival organization.
66 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
