As we come to the end of cyber security month – we must admit to ourselves that to err is human. You can employ the latest technology at your company to bolster defenses but you cannot always keep employees from making stupid and unintentional mistakes. This lone fact is why cybersecurity training, and repetitive training, is so important.
You might have heard about the ransomware attack against Atlanta this year. The attack had a significant impact on the city, forcing police officers to file reports by hand and city workers to report via time sheets. Atlanta is currently facing more than $20 million in costs due to the attack.
As we enter into cybersecurity month it makes me think a lot about my own privacy, and how elusive it has become in the 21st century. It seems that everything we do is now tracked; whenever we visit a web page, call someone on our smart phone, visit the doctor, change the temperature on our smart thermostat or simply talk about a specific subject in our own household, our actions get recorded as data – in theory to make our lives better and more productive. However, in an age when digital privacy is practically an oxymoron, what can people do to protect their privacy?
Encryption. It’s a word we hear frequently in the media. Encrypted applications should have backdoors, insists one popular publication. No, they should not, insists another. But what is it actually, and why is it so important? Below are some thoughts. Simply put, encryption is the translation of data into a secret code.
The biggest cyberattack in history has been spreading across the globe since last Friday. Spanning 150 countries, the 300,000 victims have included government agencies, hospitals, manufacturers and universities. When a ransomware attack affects your organization, how can you keep a secure line of communication with your team? Read on to learn why ephemeral messaging should be a part of your incident response plan.
It seems that every day we have a slew of new sensational cases and revelations that make us stop and think “Is our privacy over? Does anyone even care? What are we to do to protect ourselves?” I say, relax, the situation is bad, but it is not as bad as you might think and probably not for the reasons you might think so.
There is only one thing certain in today’s world, and that’s uncertainty. It was certainly driven home by the election results, where everyone was certain of the outcome, until they were not. It is disconcerting to live in this environment. From random terrorist attacks to unprecedented economic and geopolitical events, we need to almost block out the news cycle. In order to survive in this environment, it is important to make a list of things that are in your control and those that are not.
Today’s workforce has gone beyond mobile. It is fluid. The physical mobility of devices has improved so drastically that the lightest devices from 20 years ago would be the heaviest devices today. People aren’t just working in different places because they have to, they are working everywhere because mobility enables them to. The freedom to get things done instantly, without having to rearrange your life, has taken hold of today’s workforce. With it come efficiencies and benefits to the organization, employee and consumer, but also risk that must be considered.
Moving with the fluid workforce are their devices: laptops, tablets, phones and everything in-between are constantly being pulled out at soccer games, doctor’s offices, coffee shops and airports. Everywhere you look, someone is connecting. The problem is that interruptions in the real world are often sudden, abrupt, and urgent. Devices may be quickly put down to address a disruption. It is in that moment that the security of the device and everything on it matters the most.
The devices that enable our freedom contain valuable information. When they are lost, stolen, or simply misplaced, that information becomes vulnerable. What’s more, despite the best efforts of IT professionals to educate people about the importance of securing their devices, it doesn’t always happen. With almost every security measure that IT forces onto a device, usability is degraded a bit. Degrade usability too much, and users simply move to another device. Even enforcing the use of a passcode on a phone causes consternation:
“Do I use a 4-digit pin or a complex password? I need to take pictures of my kids quickly before the moment passes. Maybe I should disable the code on family days so I don’t miss anything? Not having a code will also make it easier for my kid to play games on it when we’re in the car.”
In fact, studies show that despite the need for security, alarmingly, only 46% of users set a screen lock using a four-digit PIN, password or fingerprint. This means that over 50% of mobile device owners still do not take the basic step of password-protecting their devices. And password protection is just the first step; device encryption is equally important. Without it, a moderately sophisticated attacker can simply access device storage directly, sidestepping password protection altogether.
One obvious reason to care about mobile device security is the sad fact that some of your organization’s mobile devices will be lost. Make no mistake about it: No matter how diligent your staff may be, devices are going to be lost or stolen – eventually. In New York City alone, 73,000 mobile devices were left in taxi cabs in 2014. A lost device should always be regarded as a security breach. Whether the finder attempts to extract information with intent to steal intellectual property, or with the benign intent of identifying the rightful owner, unauthorized access will occur. Unlocked phones and unsecure apps can leave your organization open to a data breach. And this risk certainly is not limited to smartphones – laptops and tablets, while larger, are misplaced every day as well. Unfortunately, there are numerous examples where organizations have been fined for failing to encrypt lost laptops containing PII or PHI. Just this month, Premier Healthcare reported that a non-encrypted laptop was stolen from its billing department, exposing over 200,000 patients’ PII; almost 2000 of those records included social security numbers and/or other financial information.
Simply stated – lost devices are a security breach waiting to happen. With higher local storage capacity and access to cloud storage, lost phones and tablets are next to hit the news for breach of information. No amount of diligence can completely prevent the loss of devices. The best you can do is focus on mitigating the potential fallout and make sure that a lost device does not lead to a data breach.
Beyond securing devices, however, the applications that employees use to share information and communicate vital business information also need to be secure. While many organizations may think that deploying secure apps is excessive given their phone security requirements, those requirements are only as good as the hardware provider’s capabilities and are susceptible to human error.
Apps that encrypt their information prevent sharing, saving or forwarding of information and restrict the extraction of information without proper authorization. This can help mitigate the risk of information leaks or larger breaches. It is a mental shift from only protecting the device to protecting the information that flows between devices and better controlling what can be done with that information. Apps that securely leverage the convenience of mobile devices for rapid information exchange, collaboration and decision making can have a dramatic positive impact on employee workflow efficiency and experience.
Employees just want to use their devices in a way that makes their lives easier and helps them get their jobs done. The introduction of ephemerality has also changed the way we look at collaboration via our mobile devices. Corporate data can now be stored in a secure, fire-walled repository while being removed from devices, alleviating much of the risk created by lost or stolen devices.
This is not to say that device security should be ignored. Far from it. Even the most conscientious person might leave valuable information in unsecure locations on their devices, where device security is the last line of defense. On top of reasonable device security, the applications themselves can further protect information on devices and in transit, achieving a deeper level of security and confidence. Secure applications help ensure that the privacy of information belonging to your organization, employees and customers is protected.
In our ever-evolving, technology-rich and breach-heavy world, the need to increase the security of BYOD devices has grown significantly, while empowering employee efficiency is just as important. It is incumbent upon every organization to understand the impact of its mobile workforce upon security and compliance mandates in order to minimize the likelihood and impact of data loss or breach. The inclusion of secure apps such as secure mobile messaging helps you protect vital information from breach while leveraging the efficiencies of the mobile device. Providing, or enforcing, an option for secure information exchange and collaboration that does not jeopardize privacy or compliance should be included in every organization’s mobile enablement strategy.
To find out more about the benefits that can be realized through secure mobile messaging, contact us.
Contributor: Avi Elkoni
Author: Galina Datskovsky Ph.D., CRM, FAI
As I look back on the year, I can’t help but marvel at the incredible ups and downs that it has brought with it. Although there are many to speak of, both personally and professionally for most of us, cyber security has been front and center throughout 2015 and has become an increasingly prominent topic among companies, families and individuals.
Although an unfortunate reality in the world we now live in, I see the increased interest in cyber security and information security as something extremely positive for our country and all businesses alike. As with many forms of safety, cyber security has developed and grown as a result of incredible technological progress. We have seen firsthand how technology has improved and continues to improve lives—from smart household gadgets, to healthcare IT, to innovative ways that companies and organizations can now communicate. With great innovation, we also must consider changed behaviors and the impact on how we as human beings interact with each other. For me, the increased focus on cyber security in 2015 has been indicative of the extent to which technology has progressed in the last year and how much progress is still yet to come.
At Vaporstream®, we continue to find ways to provide more secure environments to do business, protect sensitive information and communicate. I have been thrilled to see the Vaporstream team grow. I am proud of their talent and look forward to the opportunities ahead.
As we look towards 2016, I anticipate exciting new developments in the world of cyber security, information security, secure mobility and information governance. I wish you the best for 2016. Have an incredible holiday season with friends, family and colleagues. Have a healthy, happy, and peaceful new year!