Soonr specializes in secure file sharing and data collaboration. Soonr discovered in a recent survey that many technologies and software applications used to create a mobile 24×7 workforce are unknowingly putting company data at risk.
The Hazards of Bring Your Own Device to Work
Employees working on their own devices, such as smart phones, and personal computers introduce new security risks to corporate data. For example, employees working on company files on their own devices make corporate data vulnerable to theft via malicious software that is stealing files. Keystroke loggers could record corporate network login credentials as well as personal bank account login information. Working on personal devices also puts corporate data on machines outside the corporate firewall. This hurts IT security because Soonr’s study found that only 9% of those surveyed considered security corporate data a concern. The ease of sharing data was a priority to 76% of users, while the security of that data in the single digits.
How File Sharing Puts Company Data at Risk
Email was listed as a preferred method of sharing business files away from the office by 69% of respondents. File sharing systems were listed by 52% of the respondents. However, this introduces a number of security holes. NSA snooping of personal email traffic aside, using personal email to share files could result in data spills when someone’s email account is hacked. File sharing systems like Dropbox are potentially worse. In August, 2013, Business Insider reported that Dropbox could be hacked. Files containing malicious code were given Microsoft Office suffixes and names that matched other files on the user’s system. These Trojan files were loaded to the corporate network from the user’s machine when files were synced. Now the security researchers had malware on the corporate network that could be activated, bypassing a corporate firewall and other IT security measures. Chinese hackers have shared malware by sending links to infected Dropbox locations. File sharing services on personal computers like Kazaa have already resulted in sensitive documents accidentally loaded from personal computers of telecommuters to the internet; these types of data spills will only get worse as telecommuting and remote work become more common.
The Risk of Tolerating a Diversity of Devices
Soonr found that employees are using almost any device at hand to access business content. Laptop computers remain the most popular, used by 73% of respondents. Smartphones were used by 69%. Desktop computers are barely half of all users, with tablets now used by 48% of users. This introduces a number of IT security risks. For example, an employee may maintain IT security updates on a laptop or desktop computer. How many of these same users are as diligent in running security scans and updates of a smartphone or tablet computer?
Lessons to Learn from the Soonr Study
Employees who want to use their own devices must agree to maintain the same diligence with maintaining security patches as they observe on work computers. Unsecured file sharing applications like Kazaa and Limewire should not be permitted on devices that hold corporate data. Employees should send links to secure data repositories to themselves so that the data is only accessible via dual factor authentication, not visible to anyone who sits down at his or her computer to check email.
Using secure data repositories with access limited to those with an account on the repository also prevents sensitive files from being unwittingly sent to a third party. And finally, employees need to be recognize that data security is essential to remote or mobile work, not a secondary consideration to convenience.