WHY B.Y.O.D. IS B.A.D. [NJBIZ (NJ)]
(NJBIZ (NJ) Via Acquire Media NewsEdge) TECHNOLOGY: WORKPLACE ISSUES Bring Your Own Device policies may sound great, but they can bring a host of security breach issues Companies increasingly are adopting B.Y.O.D. policies - that is, Bring Your Own Device - when it comes to the electronic needs of their employees.
And there is a lot to like about the idea. Many employees love the ability to maintain their own cell numbers and use the laptops and tablets they prefer while employers love how it reduces the workload on their IT departments.
But these pluses come with a significant risk: Experts say having employees in an increasingly mobile workforce connect into company servers on their personal devices dramatically increases the chances of a security breach. These companies, they say, need to step up their vigilance.
"If you are going to encourage a B.Y.O.D. policy, you need to have a lot of security discipline, and you need to have staff to manage your environment 24/7," said Jeff Kaplan, CEO of Breakthrough Technology Group, a Marlboro-based cloud services provider that helps businesses facilitate mobile arrangements.
How vigilant companies are often depends on their size.
Large companies storing big data - be it consumer profiles or personal health records - tend to have bigger IT staffs and more sophisticated resources to fight the problem.
But experts say smaller companies, especially those with patented technology, also need to stay alert.
Those are the ones Kaplan worries about. He said many employers simply don't have the manpower to stay atop every threat - threats that become greater when employees rely on mobile devices also used for personal reasons.
"The endpoint (device) is by definition, not secure," Kaplan said.
Security breaches are not new, and every news cycle seems to bringanother example -just think of Target's recent troubles.
But the recent revelation by Edward Snowden that smart phone apps such as Google Maps and the popular Angry Birds game can be hacked to gain information demonstrates that security breaches are about more than just stealing credit card numbers from consumers.
"Cyber criminals, out of the Far East in particular, they are not interested in personal information," said Scott Vernick, a partner at Fox Rothschild LLP specializing in data security and privacy. "They are interested in trade secrets. They are interested in industrial espionage.
"That's were data security has to concern everybody, including smaller companies." Kaplan saidhis company protects client data by installing virtual desktops on its servers. The desktops require specific logins and passwords when clients are accessing them for work reasons, thus separating business from personal use of mobile devices. Kaplan said BTG monitors security around the clock for its clients through a private cloud system.
"You don't need to monitor the firewalls 24/7; we'll do that," Kaplan said.
Vernick said companies are aware of the pervasiveness of data threats, but too many avoid upgrades that require upfront costs, instead waiting to act after a breach.
"Most businesses are reluctant to spend the dollars necessary," Vernick said. "It's an expensive proposition, but do you want to spend up front, or do you want to spend on the back end, when it becomes a lot more expensive?" Mobile and remote communication in the workplace is likely to expand as enabling technology becomes more mainstream and prices fall. Take video and web conferencing, for example.
"What used to cost millions and millions of dollars, both in terms of equipment and networking, are now moving into the very affordable range," said Greg Douglas, vice president for the public sector at Yorktel, an Eatontown-based provider of visual communication services to business.
Plus, employees expect remote flexibility. Kaplan said companies are going to have to be mobile-friendly to attract younger workers used to multitasking on their smart phones - and on the brand of smart phone they want to use.
"Everyone wants to use an iPad. Everyone wants to be able to work wherever they want, when they want," Kaplan said.
Douglas said companies should consider adopting a virtual private network, which uses public networks to provide remote offices or individuals with encrypted access to their organization's network.
Ultimately, Douglas said security is a human problem. It starts with decisions involving simple things such as passwords before working its way up to the physical, such as data centers.
Now that assets are as likely to be based on information as they are bricks and mortar, Vernick said companies need to think through the implications.
"Unfortunately it often takes a data breach to focus people's attention," Vernick said. "As we tell clients: An ounce of prevention is worth a pound of cure." Security checklist For companies planning a telecommuting policy, or simply reviewing security involving mobile work arrangements, Vernick said having or doing the following are musts.
* Limiting remote access to proprietary information to only those employees who require such access * Installing antivirus software and encrypting laptops * Remote wiping, a security feature that allows a network administrator or device owner to delete data by sending a command to a smart phone, tablet or laptop * Immediate notification in the event of a theft or intrusion * Keeping all devices or hardware in a secure location * Strong passwords and routine change of passwords * Firewall monitoring and alarms Data Breach 411: There's an app for that Fox Rothschild, a law firm with offices in Lawrenceville and Philadelphia, has released an app via the iTunes store that tells businesses how to prepare and respond to a data breach. Scott Vernick, a partner who helped create the app, said a big reason for its necessity is that 46 states have distinct data breach laws. The app helps users navigate through varying statutes. It also explains HIPPA and HITECH statutes with breach notification and rules, and provides links to credit agencies, credit monitoring services and the Federal Trade Commission website.
"What we wanted to do is put that information at their fingertips," Vernick said.
E-mail to: [email protected] (c) 2014 Journal Publications Inc.