Some 39% of all data breaches occur because end devices – laptops or smartphones – vanish one way or another. This is what the Ponemon Institute disclosed in its study, “The Post Breach Boom,” which was published in February this year. Enterprises must take action to protect themselves: According to the IT decision-makers who were surveyed: 54% believe that the gravity of data breaches has increased over the past two years, while 52% think that data breaches have become more frequent in the same period.
Another aggravating factor is that mobile devices are ever more prevalent in the business world. Smartphones are becoming more important and contain more – and more critical – company data as the workplace itself gets more mobile. At 28% of companies who participated in the survey, BYOD (bring your own device) was commonplace, say market research experts IDC. But very few of those companies really think about what’s happening to their data.
Apps can be full of holes
Standards that regulate the access to data on the device are rare. Numerous investigations revealed that individual apps were literally full of holes, transmitting information about contacts, personal photos, and – possibly – all data on the device to other companies without the user’s awareness.
Next page: Encryption is key to data protection
In a best-case scenario, devices that are lost or stolen can be blocked remotely. However, even if this occurs, the data is not really protected, since it is stored unencrypted on the devices themselves. Companies probably don’t even know exactly what data has been lost. This is because BYOD tends to be tolerated informally rather than officially sanctioned. There is often no companywide policy about what data can be stored on mobile devices and what data cannot.
Enterprises that don’t take the security of their cell phones and tablets seriously enough will sooner or later have to pay the price. This message has been understood and many companies are acting upon it. “2013 will be the year that mobile device management will be redefined,” say the IDC analysts in their white paper, “Addressing the Growth and Complexity of Information Security Concerns.”
Stopping data theft
Relevant topics include dealing with malware and spyware, creating standards for locking and wiping devices, secure data connections such as VPN und SSL and, especially, the issue of encryption: How can you ensure that no one gets to the data on the device, even if they manage to open it, remove the hard drive, and access it directly?
Just finding an answer to this one question can make experiencing the loss or theft of a device much less of a risk. A recent study by the United States Department of Health and Human Services discovered that almost 40% of “large data breaches” were caused by lost or stolen devices. “If the information on the devices had been encrypted, the data would have been secure and no breach would have occurred,” the IDC analysts conclude.
Starting here then must surely be a good idea.