Personal devices at work

[harlan4096]

Many companies permit the use of personal devices for business purposes – from business calls made on personal phones to corporate network connections on home laptops. Such a state of affairs is generally beneficial, however, especially in small companies: The employee is already familiar with the device, and the company saves money. The downside, however, is that the practice creates additional cyberrisks for the business.

Personal devices at work — the new normal

The number of organizations with a Bring Your Own Device (BYOD) policy has been steadily rising over the past few years. A study last year by Oxford Economics for Samsung found that mobile devices form an integral part of the business processes of 75% of companies. Moreover, only 17% of employers prefer to supply their entire staff with corporate phones. The others all allow the use of personal devices at work to some extent.

Should the protection of personal devices be entrusted to their owners?

Whereas corporate servers and workstations are, on the whole, reliably protected, the personal laptops, smartphones, and tablets of managers and employees do not always fall within the remit of the IT security department. Instead, it is assumed that owners are responsible for the security of their personal devices.

But such an approach plays right into the hands of cybercriminals. This is not mere hearsay or speculation: Incidents involving the theft or hacking of personal gadgets are happening all the time. Here are just a couple of glaring examples.

Device theft

In June of last year, Michigan Medicine reported a possible leak of about 870 patients’ data after an employee’s personal laptop was stolen. The data stored on the laptop was for research purposes and varied depending on the project, but the records potentially included names, birth dates, gender, diagnoses, and other confidential, treatment-related information.

Hacking a home computer

Whether that thief used the data from the stolen laptop is not known, but clients of the cryptocurrency exchange Bithumb were left in little doubt following a separate incident. Cybercriminals broke into the home computer of an employee and siphoned off information about the wallets of 32,000 users of the service. As a result, the miscreants were able to withdraw hundreds of thousands of dollars from Bithumb client accounts.

The exchange promised to compensate the victims out of its own pocket, but clients still filed a class action lawsuit against Bithumb for disclosure of personal information and related financial losses.

Continue Reading