The conversation swirling around data privacy in the mobile era ramped up recently with Apple’s recent unveiling of software tools that scan and detect images of child exploitation before they are uploaded to iCloud and the T-Mobile data breach discovered in August that exposed the sensitive personal information of over 40 million customers. These two developments highlight some of the privacy and security challenges that enterprises are navigating in the mobile era.
The news from Apple opened up debate on whether the scanning software would infringe on data privacy. While Apple received support for its aim to eliminate illegal content and protect children, privacy advocates expressed concern that the system could evolve to censor other kinds of content on user’s devices. The Electronic Frontier Foundation noted that Apple’s iMessage is no longer secure messaging, saying, “a secure messaging system is a system where no one but the user and their intended recipients can read the messages or otherwise analyze their contents to infer what they are talking about.”
The T-Mobile breach which exposed customer data including International Mobile Equipment Identity (IMEI) numbers spotlighted the implications for both consumers and enterprises when mobile phones are compromised. Because many people use their phones for work, the exposure of this data has serious privacy and security implications not only for the consumers directly impacted by the breach but potentially the enterprises they work for as well. For example, cyber attackers in possession of compromised IMEI numbers, could clone the phone, receive the two-factor authentication via text message, and use it to break into an enterprise environment.
While growing usage of smartphones has shifted work away from the desktop, injecting mobility into enterprise communication and collaboration, there is no question that this increased mobility presents greater privacy and security challenges for organizations.
According to mobile device and app security company Zimperium, in a typical organization today, 60% of the endpoints containing or accessing enterprise data are mobile.
With mobile devices continuing to be the target of cyberattacks at increasing rates and the growth of BYOD work environments, enterprises today are navigating an expanding cyberthreat landscape that includes security hazards such as malware, phishing and data leakage.
As more and more employees use mobile devices to communicate and share data, enterprises will need to adapt their security posture to address the security, privacy and compliance issues that come along with this mobile-first approach to communications.
A few tips that can help enterprises more securely navigate mobile first communication include:
- Encouraging employees to use a password manager to generate stronger passwords and keep passwords in one encrypted and password-protected app.
- Advising employees to use a VPN on public Wi-Fi to keep prying eyes on the same public network away from data.
- Reminding employees to keep their smartphone's operating system up to date.
- Recommending employees use a passcode on their phone.
- Requesting employees use a company sanctioned, secure communication and collaboration platform.
While the era of mobility can pose security and privacy risks for organizations, adopting an end-to-end encrypted mobile messaging platform like NetSfere purpose built for the enterprise, can eliminate significant areas of risk when it comes to employee communication and collaboration.