Tag Archive for Data loss

Are Firms Ignorant About BYOD Issues?

Enterprises are ignoring the issues BYOD is causing their business, says backup vendor Acronis. James Rawbone, Senior Partner Account Manager EMEA, Enterprise Mobility Solutions at Acronis, shared his opinions with Desire Athow at ITProPortal on why and how enterprises are being ignorant towards BYOD issues.

The Acronis 2013 Global Data Protection Trend Report, developed by the Ponemon Institute, identified five surprising BYOD trends:

1. There are big gaps in secure BYOD policies across organizations. The Acronis survey found that 60% of businesses have no personal device policy in place, and of those with policies, 24% make exceptions for executives, who are most likely handling the most sensitive corporate data. As a result, these organizations are increasingly vulnerable to data loss and serious compliance issues.

2. Simple security precautions are not being adopted. The survey found only 31% of companies mandate a device password or key lock on personal devices, and only 21% do remote device wipes when employees leave the company, drastically increasing the risk of data leakage.

3. Businesses underestimate the dangers of public clouds. The researchers report that corporate files are commonly shared through third-party cloud storage solutions such as Dropbox, but 67% of organizations don’t have a policy in place around public clouds and 80% haven’t trained employees in the correct use of these platforms.

4. The growth of Apple (AAPL) devices is complicating BYOD security for administrators. 65% of organizations will support Macs in the next year, and 57% feel compatibility and interoperability are still big obstacles to getting Macs compliant with their IT infrastructure. This puts data stored and shared across the corporate network and on Apple devices at risk.

5. Some organizations are ignoring the benefits of mobile collaboration altogether. More than 30% surveyed actually forbid personal devices from accessing the network.

Mr. Rawbone sees two reasons organizations are not educating or training their employees on the risks of BYOD. The first is time and money. Most companies have tight budgets across the board, in particular within their IT department, as well as in their overall staffing. The second excuse for not training their staff is that they are unaware that their staff is using these solutions, or they are turning a blind eye to how the issues affect their corporate data and overall IT infrastructure.

The Acronis Senior Partner told ITProPortal there are legal and compliance issues associated with BYOD, but generally BYOD can be adapted to each compliance regulation and rule. The main concern of BYOD is data protection: ensuring that as employees bring devices to and from the workplace, confidential corporate data is adequately protected while remaining easily accessible. An important part of data protection, often not addressed by BYOD strategies, is ensuring that information and records comply with privacy laws like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), as well as specific industry and regional privacy regulations.

Mr. Rawbone concludes by reminding the author that the important thing every business needs to remember is that mobile devices can be replaced for a small cost in comparison to having your confidential data stolen and used incorrectly.

Companies need to embrace technological evolution and look at the business benefits of BYOD. Otherwise, he claims, they will be facing some serious network and data issues and, worst of all, potentially some legal problems in the coming future.

Creating a mobile device security policy doesn’t have to be complicated, but it needs to encompass devices, data, and files. The article lists a number of simple things organizations should do, like require users to key-lock their devices with password protection. 68% of those surveyed use VPN or secure gateway connections across networks and systems, and 52% use Microsoft (MSFT) Active Directory and/or LDAP. The simplest place to start is to use device key-lock and password protection.

 


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

BP Data Spill

National Public Radio (NPR) reports that British Petroleum’s (BP) problems in the U.S. now include a data spill as well as the oil spill. BP is paying compensation amounting to $4,000,000,000 to victims of its disaster in the Gulf of Mexico last summer. Now BP has lost the personally identifiable information (PII) of approx. 13,000 of its victims who are seeking compensation for oil spill damages. NPR reports that names, addresses, phone numbers, and social security numbers were lost, opening these people to identity theft.

BP spokesman Curtis Thomas told NPR that the oil giant mailed letters to roughly 13,000 people whose data was stored on the missing computer, notifying them about the potential data security breach and offering to pay for their credit to be monitored. The company also reported the missing laptop to law enforcement, he said. The laptop was password-protected, but the information was not encrypted, Mr. Thomas said.

The employee lost the laptop on March 1 during “routine business travel,” said BP’s Thomas, who declined to elaborate on the circumstances. “If it was stolen, we think it was a crime of opportunity, but it was initially lost,” Thomas said. Asked why nearly a month elapsed before BP notified residents about the missing laptop, Mr. Thomas said, “We were doing our due diligence and investigating.”

Matt O’Brien, the part-owner of Tiger Pass Seafood, a shrimp dock in Venice, La., who said he had filed a claim with BP, told an AP reporter this was the first he had heard about the possible compromise of his personal information by BP. “That’s like it’s par for the course for them,” Mr. O’Brien said of BP. “They can’t seem to do nothing right.”

Once again, 13,000 lives are disrupted because a single laptop that was not encrypted was lost or stolen “during routine business travel.” The Sophos Naked Security blog pointed out in 2008 that laptops are easy to lose. The security vendor cited a survey that found that 12,000 laptops are lost every week at U.S. airports alone.

In that 2008 survey, almost three years ago now, 53% of people said that their laptops contained confidential business information, with two-thirds having taken no measures to secure their data. Clearly, some companies still aren’t taking proper measures.

rb-

As BP has again demonstrated, we all need to lift our game. As Sophos says, even if your organization is willing to take risks with its own data, firms have a clear moral duty not to take risks with data they keep about other people.

During these economic times, many organizations are saving a few pennies by doing as little as possible about encryption-related security. Why not consider the value of encryption to your business, instead of considering only the cost?

What do you think?

Oil spills, Data spills, Outrageous gas prices – Is BP out to get the U.S.?

 
