Jerry Jones CPA
Wouldn’t it be nice to have a CPA that you deal directly with, that understands your business, that works in all 50 states and is there for you when you need him?
“For more than 30 years I have relied on Jerry to provide me with critical guidance for both investment decisions and tax strategies. His opinions have been crucial in helping me make the best possible business decisions, as well as providing me with sound advice regarding personal tax planning”.
Steve T., Taxpayer

Bring Your Own Device

Carolyn Schrader, CEO of Cyber Security Group, Inc.

We love our devices – smartphones, tablets, laptops. We love being able to read tweets as we stand in line for our morning java, do quick work over lunch, and check emails while we wait for a meeting to start. Bring Your Own Device (BYOD) is part of today’s business technology network.

Unfortunately, BYOD poses huge security issues for businesses. Smartphone theft – with customer data on the device – is one of the most common theft crimes. 30-40% of major city robberies today include smartphone theft. Lost smartphones in bars and taxis is commonplace. Last year, over 10,000 smartphones were lost every month in Chicago taxis alone. Over 1.6 million phones were stolen in the United States in 2012.

The devices are often stolen for the data potential as well as the phone resale value. There is an extensive underground market in confidential data and contact information, as well as the immediate potential of accessing the device owner’s bank and credit card accounts. Criminals can leverage information about company network sign-on codes and email addresses to illegally hack into a company’s network. The stolen device is a gateway to bigger results for a cyber-criminal.

The financial risk can be huge also. 45% of businesses with less than 1000 employees reported mobile security incident costs exceeding $100,000. Costs can include mitigating security measures, data breach communications to customers, implementation of stronger protocols, and collaboration with law enforcement agencies.

What Businesses Can Do

1. Develop a BYOD policy. Businesses need to document what is acceptable and expected of their employees when using a BYOD. Businesses need to at minimum set basic standards such as:

  • Ask employees to set a password/access code on their device. Make it harder for criminals to access the device’s content. It may give the employee time to wipe content before the crooks access confidential data.
  • Use an app to locate the phone or tablet. One company, Lookout, has a version for businesses so an administrator as well as the employee can locate a lost device.
  • Clarify what data the employee can retain when they leave the company’s employment. Identify what data will be wiped upon termination.
  • Spell out what expectation of privacy the employee can have. For example, can an IT administrator or HR representative review all emails stored on the phone, regardless of personal nature. If the company owns the phone the expectation may be different than if the employee owns the phone.

2. Educate employees about risks of downloading apps. Employees should only load apps from trusted app stores and after checking product reviews. Many apps are developed without any security checks embedded. This leaves an easy way for a hacker to access network information from a stolen device.

3. Educate employees on safe browsing; it is more common to link to a malicious web site on a smaller device than on a laptop or PC since people are geared to taking quick actions on a mobile device.

4. Consider smartphone antivirus software. Android devices are considered prone to viruses. Check out this review for some security providers: http://mobile-security-software-review.toptenreviews.com/.

5. Investigate cyber security insurance to cover lost/stolen devices and the data. The cost of recovering from data lost can be extensive, especially if the business must inform customers that they had a data breach.

6. Encrypt confidential files. Most major anti-virus companies now offer mobile device encryption software. Or check out a reputable app store for encryption specific app.

7. If an employee loses a device and it can’t be located with the locate phone app, the loss should be reported to the phone carrier. They maintain a database which helps prevent anyone using the phone again. If a device is lost, it also should be reported to the local law enforcement agency. The agency may not find the device, but the report helps when a gang of thieves is involved. All data should be eased remotely is that feature is available.

The increased problem of BYOD and mobile security has generated a broad selection of resources. The Federal Communications Commission (FCC) issues several useful guides for smartphones. You can find them at www.fcc@gov. The National Cyber Security Alliance also provides information on mobile security at www.staysafeonline.org. Cyber security consultants work with CPAs and their clients to tailor solutions based on their specific business risks.

For more information, contact Carolyn Schrader, CEO, Cyber Security Group, Inc. at 775.881.8980 or cschrader@cyber-securitygroup.com .

Sources:

  • Impact of Mobile Devices report, Check Point 6/13
  • Information Security 2013 report
  • Bloomberg BusinessWeek 2/14/13
  • CIO Magazine, 11/18/13
  • Consumer Reports, 6/13
Designed by NJ Designs