Feds: You have a BYOD program whether you like it or not



Similar documents
White Paper. Three Steps To Mitigate Mobile Security Risks

Whitepaper. Mobile Security. The 5 Questions Modern Organizations Are Asking

Whitepaper. Mobile Security. The 5 Questions Modern Organisations Are Asking

The Truth About Enterprise Mobile Security Products

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

Cisco AppHQ Enterprise Application Center: Deploy Mobile Business Apps with Confidence

Apple has been popularized by businesses and their employees as they continue to utilize

White Paper. Data Security. The Top Threat Facing Enterprises Today

Enterprise Mobile Threat Report

Enterprise Apps: Bypassing the Gatekeeper

Kaspersky Security for Mobile

MOBILE SECURITY: DON T FENCE ME IN

The Need for BYOD Mobile Device Security Awareness and Training

BYPASSING THE ios GATEKEEPER

Five Best Practices for Secure Enterprise Content Mobility

App Reputation Report February 2013 The Authority in App Security

Mobile Threat Intelligence Report

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014

Data Protection Act Bring your own device (BYOD)

ENTERPRISE MOBILE THREATS. 2014: A Year In Review. I. Introduction. Methodology. Key Highlights ENTERPRISE

Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready?

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

Mobile Security. Luther Knight Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015.

Smartphone Security Winners & Losers

The Bring Your Own Device Era:

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Android Security Data from the Frontlines

Mobile computing. Does your organisation have any safe options? The better the question. The better the answer. The better the world works.

FIVE KEY BUSINESS INSIGHTS FOR MOBILE SECURITY IN A BYOD WORLD

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

November 4, Underwritten by:

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

White paper BYOD. - A blessing or curse in disguise?

Mobile Device Security

Mobile Device Management

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013

Mobile Security: Top Five Security Threats for the Mobile Enterprise and How to Address Them

THOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE

How To Protect Your Mobile Devices From Security Threats

... Mobile App Reputation Services THE RADICATI GROUP, INC.

Five Best Practices for Secure Enterprise Content Mobility. Whitepaper Five Best Practices for Secure Enterprise Content Mobility

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

Mobile Security Standard

Security Best Practices for Mobile Devices

The State of Mobile Application Insecurity

3 Steps to Implementing an Effective BYOD Mobile Security Strategy

Say Yes to BOYD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices

SANS Mobility/BYOD Security Survey

CHECK POINT 3 STEPS TO IMPLEMENTING AN EFFECTIVE BYOD MOBILE SECURITY STRATEGY

Assuring Application Security: Deploying Code that Keeps Data Safe

Enterprise Mobile Security. Managing App Sideloading Threats on ios

Detecting Cyber Attacks in a Mobile and BYOD Organization

White Paper: The Current State of BYOD

Mission-Critical Mobile Security: A Stronger, Sensible Approach

BYOD File Sharing Go Private Cloud to Mitigate Data Risks

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

BYOD in the Enterprise

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

WHITE PAPER. Mobile Security. Top Five Security Threats for the Mobile Enterprise and How to Address Them

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014

Mobile Security Solution BYOD

My CEO wants an ipad now what? Mobile Security for the Enterprise

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

The User is Evolving. July 12, 2011

Simplifying the Challenges of Mobile Device Security

CA Service Desk Manager - Mobile Enabler 2.0

ANDROID APP INSTALLATION AND SCANNING Lecture 11a

Student BYOD - Olathe Public Schools

Chris Boykin VP of Professional Services

Highlight Risks of Mixing Personal Apps and Business Data

Open an attachment and bring down your network?

Symantec Mobile Management 7.2

The Top 7 Ways to Protect Your Data in the New World of

Mobile Security BYOD and Consumer Apps

Guideline on Mobile Devices Security (Updated)

A number of factors contribute to the diminished regard for security:

W H I T E P A P E R E m b r a c i n g C o n s u m e r i z a t i o n w i t h C o n f i d e n c e

A number of factors contribute to the diminished regard for security:

Consumerization Survey Report The Consumerization of IT

Feature BYOD - MOBILITY GOES VIRAL

Mobility, Security Concerns, and Avoidance

Fear and Loathing in BYOD

Practical Attacks against Mobile Device Management Solutions

I D C M A R K E T S P O T L I G H T. T h e E vo l u t i o n of Enterprise Mobility

Developer Criteria Checklist From How to Choose a Book App Developer Karen Robertson

What Do You Mean My Cloud Data Isn t Secure?

Guideline on Safe BYOD Management

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

Why Encryption is Essential to the Safety of Your Business

platforms Android BlackBerry OS ios Windows Phone NOTE: apps But not all apps are safe! malware essential

IT Resource Management vs. User Empowerment

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

How Technology Executives are Managing the Shift to BYOD

MDM: Enabling Productivity in the world of mobility. Sudhakar S Peddibhotla Director of Engineering, Good Technology

Building an Effective Mobile Device Management Strategy for a User-centric Mobile Enterprise

2H 2015 SHADOW DATA REPORT

4 Steps to Effective Mobile Application Security

Transcription:

Feds: You have a BYOD program whether you like it or not We don t have a BYOD program. This statement, referencing mobile device usage in the workplace, will likely sound familiar to federal government employees. Many agencies believe they aren t actually subject to cyber-threats from mobile devices because, simply, they don t currently allow personal mobile devices to access their networks. Ultimately, however, this posture puts the government and its data at risk because federal agencies have a BYOD program whether they like it or not. Need a little convincing? After analyzing 20 federal agencies, Lookout discovered 14,622 Lookout-enabled devices associated with government networks. That means people are connecting their phones to your systems. What s more is that the frequency of serious mobile threat encounters per year among these devices was high: 11 percent. The problem is Shadow BYOD, a reference to unmanaged or unknown mobile devices accessing a network. Similar to Shadow IT, Shadow BYOD introduces a risk of sensitive data leakage due to the lack of visibility and control of this access. In an effort to better understand what s going on here, Lookout surveyed over 1,000 federal government employees to identify their behaviors on mobile and suss out whether that behavior puts sensitive government data at risk. The answer is unequivocally yes. lookout.com 1

Hillary isn t the only one using her personal device for work Whether they realize it or not, federal employees are taking their work home with them -- something your agency might not allow. A whopping 50 percent of federal employees access work email from their personal device, and another 49 percent use their personal device for downloading work documents. This is only one example of the significant amount of data movement between personal and work accounts. Any organization -- federal or not -- should strive for visibility and control over where its data goes. lookout.com 2

It s not that hard to fundamentally change the security of your smart-device A large percentage of government employees are accessing their work documents and communications on personal devices, but quite a few employees are also attempting to customize their device through jailbreaking or rooting. In fact, around seven percent of federal employees claim they jailbreak or root a device they bring to or use at work. That percentage is large enough to indicate that it s not just the tinkerers or the tech-y folks who are jailbreaking or rooting their devices, and it s not just Android users. Six percent of our survey s iphone respondents reported jailbreaking their device, compared with the around eight percent of Android respondents who reported rooting their device. The problem is, while jailbreaking and rooting can be great for the security-saavy, it could expose operating systems to unpatched vulnerabilities and encourage downloading apps from third-party marketplaces known to have malicious apps. lookout.com 3

There are potentially unvetted and unsecure applications connecting to your network A surprisingly high amount of federal employees, 24 percent, are downloading applications from outside of official app stores, such as Google s Play Store and the Apple App Store. This can put a phone at risk because apps from outside of these stores are not guaranteed to have gone through the same vetting rigors that Google and Apple put their published apps through. This also highlights the myth that you can only download apps to an iphone through an official app store, when, in fact, it s very easy to download an app to an ios device through a website or link. lookout.com 4

The threats are real A high percentage -- 18 percent -- of federal employees claim to have encountered malware on their mobile devices, including both personal and government-issued devices. While 19 percent of those were Android users, and 14 percent were iphone users, these percentages are surprisingly higher than the 7 percent average Android malware encounter rate Lookout reported for 2014. Keep in mind that survey respondents are self-reporting and they might misinterpret their experience with potentially malicious software. Despite this reported encounter rate, however, 49 percent of federal employees still don t have a security app or solution installed on the mobile devices they use at or bring to work. lookout.com 5

Just teaching your employees about mobile security issues won t save your data As it turns out, despite being aware of cybersecurity issues, federal employees are willing to sacrifice government security to use a personal mobile device at work. Fifty-eight percent of respondents report being aware of the security consequences of using their personal mobile phones for work, yet 85 percent of them will use their phone for potentially risky activities anyway. People value their convenience very highly and usually will take the path of least resistance to accomplish their goals -- risky or not. Employee education is important, but federal agencies need technology to back them up when education falls through. lookout.com 6

Conclusion Employees increasingly expect to use their mobile devices in all aspects of their lives, and many organizations are struggling with how to balance that expectation with the need to secure sensitive data. Many government agencies do not have a formal BYOD program, but this survey makes one thing abundantly clear: the lack of a formal BYOD program puts sensitive data at risk because employees are getting around the rules and using their devices anyway. Progressive organizations have increasingly embraced personal devices in the workplace, taking advantage of today s device management and security solutions. Moreover, they view security as a holistic effort, of which mobile is a key component due to the prevalence of agency data being accessed. Shadow BYOD should be a major security consideration for the federal government. To forget mobile when securing an agency is to leave the agency unsecured. The federal government needs to consider the devices that are on its networks because they are accessing data, whether they like it or not. Methodology: The survey was conducted on Lookout s behalf by Market Cube between June 19, 2015 and June 26, 2015 among 1,002 United States federal employees. The margin of error is 3.1 percent. lookout.com 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information