Emphasis on consumer security and mobile devices tend to be focused on the impact of consumers. The problem with only considering this aspect and not a broader picture is that consumers also work for or interact with brands, on and off the clock. This internal audience is using smart phones to increase productivity through apps that allow drop box sharing, editing, and note taking (example: Evernote). While these apps have helped to increase productivity and bridge the gaps between global offices, they also provide data security concerns.
According to a Security Affairs blog posting security threats through users online behaviors need to be considered by businesses. “In many cases wrong behaviors of users [employees], the failure to comply with security policies and leak of awareness on the cyber threats that could target a systems representing main factors that could expose overall integrity of an IT solution”.
An article on The Sociable suggests corporations take control of how and what employees are doing with their mobile devices by giving the IT departments complete control over data and apps. The main reason, any data can be compromised unless encrypted. Use of apps and Internet browsing opens up the ability for third parties to track and sell information about everything the user is doing.
While it is important to keep employees informed about company security and data protection measures, it is also important to provide them information on security measures for their personal devices. Social media platforms can inform cyber criminals where individuals work for easy attacks. Security Affairs explains, “Thanks to Social networks it is easy to identify prime victims within Enterprises and send them a message with a malicious attachment or a link to a compromised web site”. Another concern is if employees keep passwords and usernames consistent across personal and work accounts one breach can lead to breached in other accounts.
Individual and company mobile security go hand-in-hand. How many of you have had your employers address data security issues? Have they only addressed work related devices and accounts?