BYOD and COPE are probably the most important buzzwords at the moment when it comes to the use of mobile devices in companies. The simultaneous professional and private use of smartphones and tablets may correspond to today’s standard in the digitalized world and be practical to use – but it poses a number of risks for companies: the data is unsecured and allows potential attackers to access sensitive data “through the back door”, so to speak. What’s more, anyone who loses the necessary control over company data risks violating legal regulations and compliance requirements.
But what exactly is the danger for your company and what should you pay attention to?
These examples show how dangerous it is if the proliferation of mobile shadow IT is not curbed.
1. unencrypted e-mails
Work emails sent via a private smartphone offer attackers valuable insights into the company, from the subject and email text to attachments of internal documents. The problem usually lies in inadequate security: there is neither end-to-end encryption of emails nor are the security precautions in public WLANs sufficient to prevent data from being intercepted. Anyone who does not want company secrets to be read and forwarded in unencrypted emails should exercise particular caution here.
2. data-hungry apps
Anyone who uses messenger services should also be particularly vigilant: there are also “legal ways of leaking information” that are due to the way some applications work. In the case of WhatsApp, for example, this is access to the contact list, which may also contain business contacts. In this case, your company would be violating the provisions of the GDPR, which stipulates that personal data may not simply be processed and forwarded without consent. As a result, you would no longer have full control over the data and would therefore no longer be able to document where personal data is stored or delete it. The GDPR also requires a strict separation of private and business data. If you do not adhere to this, you could be held liable for severe fines. If you want to take a bow, you should be aware that WhatsApp and the like are not permitted for business use.
3. storage of sensitive documents
Mobile devices are, as the name suggests, mobile. And this is precisely where the risk lies: If employees store documents containing sensitive company data on their mobile device, there is a high risk of this information falling into the wrong hands in the event of theft or loss. In the worst case scenario, anyone can view the data. If a device is lost, damaged or stolen, any data stored on it is also gone. IT should create real-time backups and remotely delete the data from the device in the event of theft, as this type of data loss could cause immense damage to your company’s reputation.