Summertime Security & Shadow IT Concerns

Posted on May 28, 2015

Vacationing_employee_with_iPhone_by_Stockpix_on_PixabayNow that Memorial Day has come and gone, the annual exodus of employees is beginning ? and the new summer interns are arriving en masse. That means that the smartphones and tablets your employees use for business are about to go on holiday with their owners or users ? and that means it?s time to take a close look at the security and shadow IT concerns that come with the season.

A recent Bitdefender study analyzed 836,021 Android applications available in the Google app store, and found:

  • 35% of the apps analyzed can track a user?s location
  • 3% can track a user?s location without their knowledge even when the app is running in the background
  • 6% can send the device location over the Internet

Lest that last number seem small, consider this bit of data from the report: 3% of the apps analyzed in the study can divulge e-mail addresses over the internet ? and of these, 1,749 apps uploaded the address over an encrypted connection, while 1,661 sent the information over an unencrypted connection that could easily be intercepted. How many of these apps are on devices used by your employees? In a press release about the study, Catalin Cosoi, chief security strategist at Bitdefender says, ?Our latest study shows that most smartphone or tablet owners have at least one app ? and probably several ? that could be used to siphon sensitive data that could put the owners at risk.?

Advice for Vacationing Employees

Jared Hansen, CEO and founder of secure mobile printing leader Breezy, says that it?s a good idea to remind employees of the need for extra vigilance during the vacation season. ?When people go on vacation, they?re more relaxed and probably don?t even think about the risks involved in printing boarding passes and directions in a strange place, ?checking in? at various tourist attractions, posting photos of their vacation online, and downloading apps to make it easier to access local services. But all of those things pose a risk to mobile device security, and to the company data stored on those devices,? he says.

So the beginning of the summer travel season is a great time to remind employees about mobile security, as part of any ongoing training IT provides for users. The importance of computer security awareness training is supported by numerous recent reports including IBM?s 2014 Cyber Security Intelligence Index which found that 95 percent of all security incidents involve human error.

These tips, which can become part of ongoing security training and outreach programs, can help reduce the risk of a data breach caused by a lost or stolen mobile device or a risky app.

  1. Use secure Wi-Fi hotspots: When you travel, the lure of a free Wi-Fi hotspot can be hard to pass up, but free Wi-Fi hotspots are prone to traffic sniffing and malware distribution. Imagine that someone sitting next to you at the airport, hotel lobby, or cute local coffee shop near the beach isn?t really checking his email. Instead, he?s intercepting your online activity, and can see every bit of information you access, including your banking credentials. It?s a very real threat.
  2. Pay close attention to mobile apps: If you need to download apps to help you identify hotels, restaurants, museums or locate taxis in an unfamiliar area, be sure to install only mobile apps from trusted, reputable sources. Otherwise, pirated apps might share your contacts, location services, photos, microphone and other sensitive data and features.
  3. Backup your personal data at home or in the cloud: If your device is used for both business and personal data, don?t put yourself in the position of losing personal data if your employer has to remotely wipe a lost or stolen device. Users with insecure devices are increasingly being targeted by cyber criminals.
  4. Password-protect and encrypt your device: If someone steals or finds your device, blocking that person from accessing your private pictures, contact list or text messages is definitely reassuring. It is vital to lock your mobile device screen with a PIN, strong password or pattern. This is the first measure you can take to avoid prying eyes.
  5. Do not access links or open attachments from random e-mails or texts: Just as with desktops and laptops, e-mails via mobile devices can carry malware in attachments or include links to dangerous pages. Ransomware and other financial malware are also known to spread via especially crafted social engineering schemes. It is best to refrain from clicking suspicious links or opening attachments from e-mails with an unknown sender, and to install an antivirus solution to alert you of unsafe sites.
  6. Be careful about revealing your location: Checking-in at restaurants, bars, hotels or landmarks may be fun, but it is not privacy-friendly. Mobile device users should disable GPS technology before taking photos with smartphones if they later plan to post these photos online.

Shadow IT & Summertime Travel

Former First Lady and Secretary of State Hillary Rodham Clinton is in a big email mess over running her own email server out of her house. But if you look beyond the political firestorm, it?s just another example of shadow IT.

As ZDNet editor-in-chief Larry Dignan put it, the Clinton email fiasco is the same kind of shadow IT faced by many CIOs. ?If you look as Clinton as an employee of the State Department, here?s what happened,? Dignan writes. ?Clinton was a top exec and those folks often get to push IT around. How do you think the iPad and iPhone became an enterprise juggernaut? You guessed it. The CEO wanted one.

?The email infrastructure Clinton ran was techie, but how many of you are conducting work on personal accounts? Thought so. You may not have federal records laws, but you're ignoring IT policies almost daily.

?Security issues often are tossed aside for convenience. For Clinton it was a homemade email server. For the rest of us it's a personal cloud storage account.?

One of the most common forms of shadow IT that endangers company data is the use of unsecured consumer apps to print information ? boarding passes, travel itineraries, presentations and sales literature, etc. ? when employees are on the road.

How will your employees handle the need to print while they?re travelling this summer? Hansen points out that Breezy?s secure mobile printing solution allows on-device encryption for files before they are sent to a printer, thereby reducing the risk of a man-in-the-middle attack that could compromise personal or company data.

Breezy adds an extra layer of protection to the mobile devices that connect to your network or store your data. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now. If you?re a MobileIron user or are in the Bay Area or Silicon Valley, stop by to see Breezy during MobileIron?s Mobile First Conference, June 9-12, 2015, at the Hilton Union Square in San Francisco. There?s still time to register ? click here to register now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.