Use of Mobile Apps in the Workplace: PRIVACY & SECURITY ADAM D.H. GRANT AGRANT@ALPERTBARR.COM
Cell Phone & Tablet Ownership 91% of American adults own a cell phone 56% have smartphones Of Americans aged 16+ 35% own a tablet computer 24% own an e-reader 43% own a tablet computer OR e-reading device Source: Pew Internet Spring Tracking 2013
He s Working! Of the world s 7 billion population, 6 billion have cell phones.
Cell Phone Usage o 67% Use their smartphone everyday o 83% Don t leave home without their device o Location of use: 96% Home 84% On the go 71% Work o What percentage of people would rather give up TV than their smart phone? 36%
Cell Phone Activities The % of cell phone owners who use their cell phones to: Take a picture 82% Send or receive text messages 80% Access the internet 56% Record a video 44% Download apps 43% Source: Pew Research Center s Internet & American Life Project
Tablet Use Activities The % of tablet users who use tablets to: 84% Check Email 57% Find & Install Apps 57% Look up information 24% Manage Finances 18% View Documents Source: Google Research Understanding Tablet Use: A Multi-Method Exploration
Source: Google Our Mobile Planet USA
App Uses Originally offered for general productivity and information retrieval Email Contacts Management Calendar Weather Information Increased consumer demand = Rapid expansion into other categories GPS & Location Based Services Digital Media Publication Mobile Gaming Banking Online Purchasing Capability Social Networking
Advantages of Mobile App Use in the Workplace 1. Increased Efficiency Easy Access to Information Real Time Connectivity = Quick Response Time 2. Increased Productivity Ease of use Function specific design 3. Improved Time Management Automatic Reminders Multi-tasking capabilities
App Security Issues Source: HP - go.pronq.com
App Privacy Issues What types of data do apps typically access? Phone & Email Contacts Call Logs Internet Data Calendar Data Device Location Device Unique ID s Information about how you use the app itself Source: www.onguardonline.gov
Smartphone Owners and Security Measures Key Stats - May 2013 69% Do NOT Back Up Their Phone Data 64% Do NOT Use a Screen Lock 15% Install Antivirus Applications 22% Use Software That Can Locate Their Lost or Stolen Phone 8% Use Applications That Can Wipe Out The Content of Their Phone Remotely 39% Are NOT Using Any of the Protective Measures Outlined Source: Consumer Reports
Mobile Devices Invade the Workplace How many employees use their personal devices for business? Smart Phone 41% Tablet 37% Source: IDG Global Solutions 2013 Mobile Survey
Mobile Devices Invade the Workplace Is Your Personally / Privately Purchased / Owned Device Fully Supported by Your Company s IT Department? 46 % 54% YES NO 36% 64% Smartphone Tablet Source: IDG Global Solutions 2013 Mobile Survey
Vulnerability by the Numbers A December 2013 McAfee Survey found that: 80% of survey respondents admit to using non-approved Software-as-a-Service (SaaS) application in their jobs Nearly 35% of all SaaS applications used within the enterprise are non-approved 39% of IT respondents use unauthorized SaaS because it allows me to bypass IT processes 18% of respondents agreed that IT restrictions make it difficult to do my job
What Does This Mean for Your Company?
Potential Hazards Company Liability Breach of Security Network Protections Malware Lack of Company Control Data Safety o Handling & Storage of Consumer Data o Company Sensitive Information
How to Protect Your Company Risk: O Companies often do not know where data and other information are. Solution: Implement a centralized way of managing data Example: Mobile Device Management (MDM) Program Easier to protect the data when you know where it is Source: Enterprise Networking Planet
How to Protect Your Company Risk: O Mobile device security is usually neglected. Solution: Mandate Malware Protection Software on Mobile Devices Devices should be encrypted and authenticated The best way to stop risk is to decide what information and apps can be on the device, and if it shouldn t be there BLOCK IT. Source: Enterprise Networking Planet
How to Protect Your Company Risk: O Lack of employee knowledge and education regarding risks involved in having sensitive data on devices. Solution: Educate employees regarding: What apps and devices are authorized What apps and devices are NOT authorized Risks of using unsecured apps and devices Source: Enterprise Networking Planet
Risk: How to Protect Your Company O It is an act of trust to give sensitive information to employees specifically through their mobile device - and not all employees will honor that trust. Solution: Access should be given to only those employees who need it, when they need it. If data is highly sensitive, it should be monitored and controlled. Data transfers should be monitored and restricted. Source: Enterprise Networking Planet
Risk: How to Protect Your Company OLack of a governance framework Solution: Develop and Implement a Company Mobile Device Use Policy Implement a security policy that manages all stages of risk from installation to retirement of devices. Sample elements to include in company policy: Remote wipe capability in the event of loss or theft of device Minimum password protection/encryption standards User responsibility Enforcement of policy Employee Acceptance of Company Mobile Device Use Policy Source: Enterprise Networking Planet
Security and Protection Game Plan Implement a centralized way of managing data Mandate Malware Protection Software on ALL Mobile Devices Used for Work & Accessing Company Network Educate employees regarding risks of use of unauthorized and unsecured devices Provide lists of Whitelisted & Blacklisted Apps Protect company data by monitoring and restricting access to only those who need it
Security and Protection Game Plan And most importantly Communicate company expectations and employee responsibility by Developing and Implementing a Company Mobile Device Use Policy
BYOD: Bring Your Own Device Employer Question: How do I secure information on a device that I don t own? PROS: Employee (EE) owns devices and pays for cellular plan Employer (ER) does not necessarily provide IT support for device ER does not necessarily have to replace device if it is lost, stolen or damaged. CONS: ER does NOT have much control over devices (i.e. how it s used & who uses it) Employer does not have explicit rights to view/inspect device If EE/ER relationship terminates, it may be difficult for ER to retrieve company sensitive data
COPE: Company Owned Personal Enabled Employer Question: How can I loosen my grip for my employees to use the devices for personal use? PROS: Employer (ER) owns devices and pays for cellular plan Empoyee (EE) has privilege of using device for some personal use ER property therefore ER may implement control over device and employ tracking, remote wipe and use monitoring capabilities (with sufficient disclosure to employees usually via company policy) CONS: Expense - Cost of device (acquisition & replacement in event of loss or theft) and IT support ER may have greater liability if device is used in misbehavior
Adam D.H, Grant works with app developers across the nation to prevent litigation and ensure compliance with privacy and data security issues. If litigation escalates to trial, Adam is an experienced trial lawyer having litigated matters in both state and federal courts. His successes include obtaining a $6M jury verdict on behalf of his client after a three-week jury trial. When defending a client against a multi-million dollar lawsuit, Adam obtained a favorable verdict for his client when faced with a $3M demand at trial. Adam has considerable expertise in complex business litigation. He has presented oral arguments before the California Court of Appeals on numerous occasions. Adam D.H. Grant agrant@alpertbarr.com 818-881-5000